Blue Prism roles

Blue Prism roles are designed to simplify the administrator's task of setting the permissions of the system's users. It is likely that many users will share the same permissions, since they perform the same tasks within Blue Prism. By creating a Blue Prism role with the desired set of permissions, an administrator can quickly and easily assign that set of permissions to individual users.

Manage roles

To manage Blue Prism roles, a user must be assigned the System Manager > Security - User Roles permission.

Create a role

  1. Navigate to System > Security - User Roles.

    You can also manage roles by clicking Manage Blue Prism Roles in the Roles and Permissions tab on the User Settings screen.

  2. Click Create.

    A new role displays in the Roles panel with a default name.

  3. Enter a meaningful name for the role.
  4. Select or deselect the required permissions for the role from the Permissions panel.
  5. Click Apply.

Delete a role

  1. On the Security - User Roles screen, select a role from the left panel and click Delete.
  2. Click OK in the confirmation message.

Affected users will need to log out and log back in again for the changes related to them to take effect.

System Administrator role

The permissions in the System Administrator role cannot be changed and the role cannot be deleted. There must always be at least one user in the system with the System Administrator role, and an error message will display if the last System Administrator user is deleted. Only users with the System Administrator role can assign or remove this role from other users.

Manage roles for single sign-on configuration

If your current database is configured for single sign-on, user role management depends on whether you are using Active Directory authentication in a single-authentication or a multi-authentication environment.

Manage roles for Active Directory authentication in a single-authentication environment

For Active Directory authentication in a single-authentication environment, you must create a mapping between Blue Prism user roles and Active Directory security groups. Any user who is a member of the appropriate Active Directory security group will inherit the permissions of the corresponding role. No user will be able to sign into Blue Prism without being assigned one of these roles.

Blue Prism roles can be mapped to previously created Active Directory security groups using the group selector within the Manage Roles interface. Active Directory security groups that contain Foreign Security Principals or members with unresolved SIDs can present querying difficulties, and therefore such configurations are not recommended. In particular, built-in groups and groups with derived membership, such as Domain Users and Authenticated Users, should not be used within the security group hierarchy associated with Blue Prism.

Once this mapping is established, users will be able to sign in, whilst being limited to the actions permitted by their roles. Note that users will need to log off and log on again for Active Directory group changes to take effect.
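
One way to check the security groups mapped to Blue Prism roles for the configurations advised against above (Foreign Security Principals, unresolved SIDs, built-in groups and derived-membership groups), as an added PowerShell example that is not part of the Blue Prism documentation. It assumes the ActiveDirectory module and a single domain; the group names and the functions `New-Finding` and `Test-MappedGroup` are hypothetical, and treating `S-1-5-32-*` SIDs as built-in and the listed well-known SIDs and RIDs as derived membership is this example's interpretation.

```powershell
# Added example: read-only audit of the AD groups mapped to Blue Prism roles.
# Requires the ActiveDirectory module (RSAT); assumes a single domain.
Import-Module ActiveDirectory

# Hypothetical group names; replace with the groups selected in Manage Roles.
$MappedGroups = 'BP-Developers', 'BP-Controllers'

# Well-known principals whose membership is derived, not explicitly assigned.
$DerivedSids = @{ 'S-1-5-11' = 'Authenticated Users'; 'S-1-1-0' = 'Everyone' }
$DerivedRids = @{ '513' = 'Domain Users'; '515' = 'Domain Computers' }

function New-Finding($Root, $Issue, $Object) {
    [pscustomobject]@{ MappedGroup = $Root; Issue = $Issue; Object = $Object }
}

function Test-MappedGroup {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][string]$Root,
        [Parameter(Mandatory)][System.Collections.Generic.HashSet[string]]$Seen
    )
    $group = Get-ADGroup -Identity $Identity -Properties member
    if (-not $Seen.Add($group.DistinguishedName)) { return }   # guard against nesting loops

    $sid = $group.SID.Value
    if ($sid -like 'S-1-5-32-*') { New-Finding $Root 'Built-in group' $group.Name }
    if ($sid -like 'S-1-5-21-*' -and $DerivedRids.ContainsKey($sid.Split('-')[-1])) {
        New-Finding $Root 'Derived membership' $group.Name
    }
    foreach ($dn in $group.member) {
        $m = Get-ADObject -Identity $dn -Properties objectSid
        if ($m.ObjectClass -eq 'group') {
            # Walk the whole hierarchy below the mapped group
            Test-MappedGroup -Identity $dn -Root $Root -Seen $Seen
        } elseif ($m.ObjectClass -eq 'foreignSecurityPrincipal') {
            $msid = $m.objectSid.Value
            if ($DerivedSids.ContainsKey($msid)) {
                New-Finding $Root 'Derived membership' $DerivedSids[$msid]
            } else {
                try { $null = $m.objectSid.Translate([System.Security.Principal.NTAccount])
                      New-Finding $Root 'Foreign Security Principal' $msid }
                catch [System.Security.Principal.IdentityNotMappedException] {
                      New-Finding $Root 'Unresolved SID' $msid }
            }
        }
    }
}
foreach ($g in $MappedGroups) {
    Test-MappedGroup -Identity $g -Root $g -Seen ([System.Collections.Generic.HashSet[string]]::new())
}
```

An empty result means none of these conditions were found in the hierarchy under the listed groups; each returned row names the mapped group, the issue and the offending object.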

Manage roles for Active Directory authentication in a multi-authentication environment

Blue Prism administrators who are members of an Active Directory domain must enable Active Directory authentication for a multi-authentication environment on the System > Security - Sign-on Settings screen in Blue Prism.

They must then create Active Directory user accounts by retrieving users from Active Directory and assigning them to Blue Prism user roles individually. The roles and permissions are assigned as described in the Manage roles section above.