DocsAccess rights for resources
The following permissions are available for resources and can be configured for user roles in System Manager and using Multi-Team Environments.
|
Permission |
Description |
|---|---|
|
Authenticate as Resource (Only available as a permission for user roles) |
Allows the user account to be used for runtime authentication when starting a resource. User accounts that do not have this permission cannot be used to start a resource that explicitly authenticates against the environment. When upgrading from versions prior to 6.3, all existing roles are granted this permission to ensure that they can continue to start existing resources. New roles and all roles in new installations are not granted this permission automatically, it must be actively applied. Users can debug and start the resource that can optionally be automatically started locally when they log into the Blue Prism client. |
|
Configure Resource |
Users can edit a resource in System Manager to reset a resource's FQDN and change a resource's logging options. Users can also retire and unretire resources providing they also have the Control Resource permission. The View Resource and Manage Resource Access Rights permissions are implicitly granted. For appropriate configurations, this permission is required to reset a resource's FQDN. To add a resource to an active work queue, users require a minimum of the access rights provided by the Control Resource permission on the related resource group – Configure Resource does not allow users to add a resource to an active queue |
|
Control Resource |
Users can create, start, stop, and delete sessions in Control Room. Once a session is running, users with this permission can fully interact with it in the Control Room to perform tasks such as starting the process or sending terminate or stop requests. Users with this permission are implicitly granted the View Resource permission. |
|
Edit Resource Group |
Users can create, edit, delete, and rename groups in System management. They can also configure the resources hierarchy and move resources between groups. Both Manage Access Rights and Edit Groups permissions are required on any restricted group involved in a move. For more information, see Moving groups. |
|
Manage Resource Access Rights |
Users can manage the access rights for the group providing they have Manage Access Rights enabled in their role. Users with this permission cannot update it for their own user role. This prevents a user from giving themselves access rights management to a group they had previously been denied. The View Resource permission is implicitly granted. |
|
View Resource |
Users can see resources in Control Room and System Management and can view session management data relating to those resources. This permission also allows some queries to be made via the telnet/HTTP interface. |
|
View Resource Screen Capture |
Users can view exception screen captures, assuming they have access to control room. The View Resource permission is implicitly granted. |
In order to retire a resource, Configure Resource, Edit Resource Group, and Manage Resource Access Rights permissions are required on the group containing the resource.
Runtime resources role
When instructed to carry out a session management action, the runtime resource inherits the permissions of the controlling user by default. The runtime resources role provides the necessary and additional permissions required by the runtime resource to perform as required.
The runtime resources role must only be granted to user accounts that will be used exclusively to authenticate runtime resources against the Blue Prism environment. Users that interact with the platform for other purposes (i.e. via the interactive client or via scripting) must not be granted this role. Where users need the ability to start a runtime resource using their own credentials, they will require the Authenticate as Resource permission.
Resources that were started without explicitly authenticating against the environment (not recommended) assume the runtime resource role automatically.
