Role-based Access Control (RBAC) in Robocorp Cloud

Robocorp Cloud provides fine-grained role-based access control (RBAC) mechanisms on both the Organization and Workspace levels. These roles can be combined and leveraged to create efficient and secure ways of working with activities and processes in Robocorp Cloud.

Organization

Owner

Owners have the most access over a Robocorp Cloud account. Most notably, they can access billing features and demote or promote other organization accounts to Admins or Owners. For optimal security, it is recommended not to use the Owner account for tasks other than account setup. It is good to consider the Owner account in an organization as the master or root account.

Each organization must have at least one account with the Owner role attached to it.

Admin

An Admin account can perform administrative actions in Robocorp Cloud, such as creating new workspaces and adding users. Any Admin user can also promote other organization Members to Admins.

The Admin role cannot access features such as billing and compliance, which means it is better suited for daily activities than the Owner role.

Member

The Member account has the least access in an organization. Users with the Member role can only view Workspaces they have been explicitly invited to in an Organization. If they are promoted to be a Workspace Administrator for a Workspace, they can add other Organization users to that specific Workspace.

The Member role is suitable for developers or consultants who do not need visibility into the configurations and other users in an Organization.

Plan & Billing | Management, compliance | Promote and demote Admin to Owner | Promote and demote member to Admin | Add and remove users to organization | Edit and view workspaces and permissions | Add org users to workspaces | Add users only to workspaces they are admin of | See only workspaces they belong to
Owner
Admin
Member

Workspace

Workspace Administrator

Workspace Administrators have the most power over a Workspace and can invite new users, alter Workspace permissions for users, edit processes and runtime environments, and run processes.

The Administrator role in a Workspace is not equal to the Admin role in an Organization. To follow the principle of least privilege, you should assign your Workspace Administrator the role of Member in the Organization.
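The guidance above (at least one Owner, the Owner account reserved for account setup, Workspace Administrators kept at the Member role in the Organization) can be checked mechanically. The following is an added example, not Robocorp's own code: the role-assignment data shape, the sample users and workspaces, and the `audit` function are assumptions constructed for illustration, and treating any Workspace role held by an Owner as daily use is this example's interpretation.

```python
# Constructed sample data: this shape is an assumption for illustration,
# not a Robocorp Cloud API response or export format.
ORG_ROLES = {"alice": "Owner", "bob": "Admin", "carol": "Member", "dave": "Member"}
WORKSPACE_ROLES = [  # (workspace, user, workspace role)
    ("invoicing", "bob", "Administrator"),
    ("invoicing", "carol", "Editor"),
    ("invoicing", "dave", "Member"),
    ("hr-bots", "carol", "Administrator"),
    ("hr-bots", "alice", "Editor"),
]


def audit(org_roles, workspace_roles):
    """Return sorted (rule, subject, detail) findings for the page's guidance."""
    findings = []
    # Each organization must have at least one account with the Owner role.
    if "Owner" not in org_roles.values():
        findings.append(("no-owner", "organization", "no account holds the Owner role"))
    for workspace, user, ws_role in workspace_roles:
        org_role = org_roles.get(user)
        if org_role is None:
            # Workspaces are populated from Organization users, so a grant to
            # an unknown user is treated here as stale (assumption).
            findings.append(
                ("unknown-user", user, f"{ws_role} of {workspace} but not in organization")
            )
        elif org_role == "Owner":
            # The Owner account is recommended for account setup only; a
            # Workspace role is read here as a sign of daily use (assumption).
            findings.append(("owner-daily-use", user, f"Owner holds {ws_role} in {workspace}"))
        elif ws_role == "Administrator" and org_role != "Member":
            # Least privilege: a Workspace Administrator should be an
            # Organization Member, not an Organization Admin.
            findings.append(("ws-admin-not-member", user, f"{org_role} administers {workspace}"))
    return sorted(findings)


if __name__ == "__main__":
    for rule, subject, detail in audit(ORG_ROLES, WORKSPACE_ROLES):
        print(f"{rule:22} {subject:14} {detail}")
```
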

Workspace Editor

The Workspace Editor cannot add users or modify permissions, but they can otherwise view and edit everything within the context of a Workspace. The Editor role should be used for robot developers whose task is to maintain and develop robots and for users that require more access than running processes or viewing their results.

Workspace Member

The Workspace Member is a role suitable for users who need to run or schedule tasks and view the results of the processes. The Member role in a Workspace cannot alter any settings or invite new users, which makes it a good role for the daily task of running a premade process.

In the context of a Workspace:

add or remove users | view and edit workspace permissions | edit processes | view and edit robots | view and edit vault | run, stop and schedule processes | view processes
Administrator
Editor
Member