Blue Prism roles are designed to simplify the administrator's task of setting the permissions of the system's users. It is likely that many users will share the same permissions, since they perform the same tasks within Blue Prism. By creating a Blue Prism role with the desired set of permissions, an administrator can quickly and easily assign that set of permissions to individual users.
The Desktop Users role is recommended for end users of the Blue Prism Desktop client. More information on Blue Prism Desktop can be found here.
To manage Blue Prism roles, a user must be assigned the System Manager > Security - User Roles permission.
Create a role
Navigate to System > Security - User Roles.
A new role displays in the Roles panel with a default name.
- Enter a meaningful name for the role.
- Select or deselect the required permissions for the role from Permissions panel.
- Click Apply.
Delete a role
- On the Security - User Roles screen, select a role from the left panel and click Delete.
- Click OK in the confirmation message.
Affected users will need to log out and log back in again for the changes related to them to take effect.
System Administrator role
The permissions in the System Administrator role cannot be changed and the role cannot be deleted. There must always be at least one user in the system with the System Administrator role, and an error message will display if the last System Administrator user is deleted. Only users with the System Administrator role can assign or remove this role from other users.
Manage role membership
You can add Blue Prism native, Active Directory, and Authentication Server users, as well Active Directory security groups to a role in Blue Prism, provided that the relevant authentication type has been configured on the Security - Sign-on Settings screen.
Add a user to a role
- On the Security - User Roles screen, select a role from the list and edit its associated permissions if required.
Click Manage Role Membership.
The Role Membership screen displays.
The view on this screen depends on the options for Active Directory user role management selected on the Security - Sign-on Settings screen. If the Manage role membership in Blue Prism option has not been selected, no Active Directory users can be added directly to a role. If the Manage role membership in Active Directory option has been selected, an additional security groups section displays.
The Add users dialog displays.
Select the user you want to add to the role and click OK.
The added user now displays in the user list on the Role Membership screen.
Click OK to close the Role Membership screen and save your changes.
Add an Active Directory security group to a role
The Manage role membership in Active Directory option must be selected on the Security - Sign-on Settings screen to be able to add security groups to a Blue Prism role.
- Navigate to System > Security > User Roles.
- Select a role from the list and edit the associated permissions if required.
Click Manage role membership.
The Role Membership dialog displays.
Click Add under the security groups section.
The Select Active Directory Security Groups dialog displays.
Search the Active Directory for security group(s) to add to the selected role. The same search criteria can be applied as when searching for users.
Once retrieved from Active Directory, select the Active Directory security group(s) which you want to add to the selected role and click OK.
The added security groups display on the Role Membership dialog.
- Click OK to save your changes.
Remove users or security groups from a role
- Navigate to System > Security> User Roles screen and select a role from the list.
- Click Manage Role Membership.
- On the Role Membership dialog, select the user(s) or security group(s) you want to remove from the list and click the delete icon.
- Click OK to save your changes.