Blue Prism user roles

Blue Prism Roles are designed to simplify the administrator's task of setting the permissions of the system's users. It is likely that many users will share the same permissions, since they perform the same tasks within Blue Prism. By creating a Blue Prism Role with the desired set of permissions, an administrator can quickly and easily assign that set of permissions to individual users.

Managing roles

A user with permission to access System Manager may manage the system's Roles (that is create Roles, delete Roles or modify Roles). This is achieved by clicking "Manage Blue Prism Roles" from the "Users" pane within System Manager. Once within the dialog, Roles may be modified by selecting a Role from the left and then filling the checkboxes on the right. To delete a role, select it from the left and click the 'Delete' button. To create a new Role, click the 'Create' button, give your new Role a name and then modify it as normal.

Your changes will not take effect until you click 'Ok' – if you click 'Cancel', your changes will not be saved. Note that affected users will need to log out and log back in again for the changes related to them to take effect.

The System Administrator role

The permissions in the System Administrator role can not be changed and the role can not be deleted. There must be always at least one user in the system with the System Administrator role, and an error message will be displayed if the last System Administrator user is deleted. Only users with the System Administrator role can assign or remove this role from other users.

Use roles to set permissions

The use of Roles to set permissions is described in User Permissions

Single sign-on configuration

If your current database is configured for Single Sign-on, then you must create a mapping between Blue Prism user roles and Active Directory Security Groups. Any user who is a member of the appropriate Active Directory Security Group will inherit the permissions of the corresponding role. No user will be able to sign in to Blue Prism without being a member of one of these roles.

Blue Prism Security Roles can be mapped to created Active Directory Security Group using the Group Selector within the Manage Roles interface. Active Directory Security Groups that contain Foreign Security Principals or members with unresolved SIDs can present querying difficulties and therefore such configurations are not recommended. Specifically built-in Groups and Groups with derived membership such as Domain Users and Authenticated Users should not be used within the Security Group hierarchy associated with Blue Prism.

Once this mapping is established, users will then be able to sign in, whilst being limited to the actions permitted by their roles. Note that users will need to log off and log on again for Active Directory group changes to be propagated.

	Click here to see the documentation for all Blue Prism products.
© 2024 Blue Prism Limited \| Last updated on 07 May 2024