Blue Prism user roles

Blue Prism Roles are designed to simplify the administrator's task of setting the permissions of the system's users. It is likely that many users will share the same permissions, since they perform the same tasks within Blue Prism. By creating a Blue Prism Role with the desired set of permissions, an administrator can quickly and easily assign that set of permissions to individual users.

Manage user roles

A user with permission to access System Manager can manage the system roles (that is, create, delete or modify roles) by clicking Manage Blue Prism Roles from the Security - Users screen in System Manager.

In the Create and Manage Blue Prism Roles dialog, you can modify a role by selecting it on the left and selecting or deselecting permissions on the right.

To delete a role, select it from the left and click Delete.

To create a new role, click Create, give your new role a name and then modify it as described above.

To save your changes, click OK. To discard your changes, click Cancel. Note that affected users will need to log out and log back in again for the changes related to them to take effect.

System Administrator role

The permissions in the System Administrator role cannot be changed and the role cannot be deleted. There must always be at least one user in the system with the System Administrator role, and an error message will display if the last System Administrator user is deleted. Only users with the System Administrator role can assign or remove this role from other users.

Use roles to set permissions

The use of roles to set permissions is described in User permissions.

Manage roles for single sign-on configuration

If your current database is configured for single sign-on, user role management depends on whether you are using Active Directory authentication in a single-authentication or a multi-authentication environment.

Manage roles for Active Directory authentication in a single-authentication environment

For Active Directory authentication in a single-authentication environment, you must create a mapping between Blue Prism user roles and Active Directory security groups. Any user who is a member of the appropriate Active Directory security group will inherit the permissions of the corresponding role. No user will be able to sign into Blue Prism without being assigned one of these roles.

Blue Prism roles can be mapped to existing Active Directory security groups using the group selector within the Manage Roles interface. Active Directory security groups that contain Foreign Security Principals or members with unresolved SIDs can present querying difficulties, so such configurations are not recommended. Specifically, built-in groups and groups with derived membership, such as Domain Users and Authenticated Users, should not be used within the security group hierarchy associated with Blue Prism.

Once this mapping is established, users will be able to sign in, whilst being limited to the actions permitted by their roles. Note that users will need to log off and log on again for Active Directory group changes to take effect.
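The recommendations above can be checked before a mapping is saved. The following is an added example, not Blue Prism code: it walks the nested group hierarchy behind each mapped role and reports Foreign Security Principals, unresolved SIDs, and built-in or derived-membership groups. The directory export, group names, role names "Role A" to "Role C" and SIDs are constructed for illustration.

```python
import re

DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID
# Constructed export: group name -> SID and members as (objectClass, name).
# A name of None models a member whose SID could not be resolved.
GROUPS = {
    "BP-Developers": {"sid": DOMAIN + "-1601",
                      "members": [("user", "alice"), ("group", "BP-Contractors")]},
    "BP-Contractors": {"sid": DOMAIN + "-1602",
                       "members": [("foreignSecurityPrincipal", "S-1-5-21-9-9-9-1104"),
                                   ("group", "BP-Developers")]},  # deliberate cycle
    "BP-Operators": {"sid": DOMAIN + "-1603", "members": [("user", "bob"), ("user", None)]},
    "BP-Everyone": {"sid": DOMAIN + "-1604", "members": [("group", "Domain Users")]},
    "Domain Users": {"sid": DOMAIN + "-513", "members": []},
    "BP-Admins": {"sid": DOMAIN + "-1605", "members": [("user", "carol")]},
}

# Hypothetical role-to-group mapping, as it might be set in Manage Roles.
ROLE_MAP = {"Role A": "BP-Developers", "Role B": "BP-Operators",
            "Role C": "BP-Everyone", "System Administrator": "BP-Admins"}

# Built-in groups (S-1-5-32-*), Authenticated Users (S-1-5-11), Domain Users (RID 513).
DISCOURAGED = re.compile(r"^(S-1-5-32-\d+|S-1-5-11|S-1-5-21-\d+-\d+-\d+-513)$")

def audit_group(name, groups, seen=None):
    """Walk the nested hierarchy under `name`; return a sorted list of findings."""
    seen = set() if seen is None else seen
    if name in seen:  # nested groups can form cycles, so visit each group once
        return []
    seen.add(name)
    group, findings = groups[name], set()
    if DISCOURAGED.match(group["sid"]):
        findings.add(f"{name}: built-in or derived-membership group")
    for obj_class, member in group["members"]:
        if member is None:
            findings.add(f"{name}: member with unresolved SID")
        elif obj_class == "foreignSecurityPrincipal":
            findings.add(f"{name}: foreign security principal {member}")
        elif obj_class == "group":
            findings.update(audit_group(member, groups, seen))
    return sorted(findings)

def audit_mapping(role_map, groups):
    """Return {role: findings} for each role whose group hierarchy has an issue."""
    report = {role: audit_group(grp, groups) for role, grp in role_map.items()}
    return {role: found for role, found in report.items() if found}

if __name__ == "__main__":
    for role, found in audit_mapping(ROLE_MAP, GROUPS).items():
        print(f"{role}: {'; '.join(found)}")
```

Roles with a clean hierarchy are omitted from the report, so an empty result means no mapped group conflicts with the recommendations.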

Manage roles for Active Directory authentication in a multi-authentication environment

Blue Prism administrators who are members of an Active Directory domain must enable Active Directory authentication for a multi-authentication environment on the System > Security - Sign-on Settings screen in the Blue Prism client.

They must then create Active Directory user accounts by retrieving users from Active Directory and assigning them to Blue Prism user roles individually. The roles and permissions are assigned as described in the Manage user roles section above.