Automation Cloud Dedicated admin guide

Last updated Jul 10, 2025

Roles

Roles are a collection of permissions and represent a more granular layer for managing user access, following the broader option of maintaining access through groups. You can add roles to either groups so that all member accounts inherit them, or to individual accounts.

Roles can include several permissions at either the organization level, or at the service level, so there are:

organization-level roles: these roles control the permissions that accounts have on organization-wide options. They are available in the Automation Cloud^TM Dedicated portal by default and you cannot change them, nor can you add new ones.
service-level roles: these roles control the access rights and actions that accounts can perform in each UiPath® service you own. They are managed from within each service and can include default roles which you cannot change, as well as custom roles that you create and manage in the service.

Accounts and groups typically have an organization-level role and one or more service-level roles.

Groups and roles

In the following table you can view the roles that are assigned to accounts when they are added to a group. For example, adding an account to the Administrators default group grants them the Organization Administrator role for the organization and the Administrator role within your services. This user can manage both organization-level roles from Admin, then select Accounts and Groups, as well as service-level roles.

Group membership	Organization-level role	Service-level roles for Orchestrator
Administrators	Organization Administrator	Administrator
Automation Users	User	Automation User at folder level ¹ Allow to be Automation User at tenant level
Automation Developers	User	Automation User at folder level ¹ Folder Administrator at folder level ¹ Allow to be Automation User at tenant level Allow to be Folder Administrator at tenant level
Everyone	User	No roles.
Automation Express	User	Allow to be Automation User at tenant level
[Custom group]	User	No roles by default, but you can add roles to the group as needed.

¹ The roles are assigned to the Shared modern folder, if it exists.

Note: For information about roles across UiPath services, refer to Role management.

Organization-level roles

Accounts can have only one organization-level role. This role controls the access that the account has to options within the portal area, such as the tabs they can view on the Admin page or the options available to them on the Home and Admin pages.

At organization level, the roles Organization Administrator and User are available.

You cannot change these roles or add new roles at the organization level.

Organization administrator role

This role grants access to every organization- and service-level feature within the organization. An account with this role can perform all administrative actions for the organization, such as creating or updating tenants, managing accounts, viewing organization audit logs, and so on. There can be multiple accounts with this role.

Note: This is the only role that allows access to the Admin section.

The first organization administrator for any given organization is appointed when the organization is created.

To grant this role to others, the organization administrator can add user accounts to the Administrators group, which is one of the default groups.

The organization administrator role includes the following organization-level permissions, which cannot be changed, as described in the table, as described in the following table:

	View	Edit	Create	Delete
Usage charts and graphs
Tenants
Accounts and groups
Security settings
External applications
Licenses
API keys
Resource center (Help)
Audit logs
Organization settings

User role

This is the basic level of access within the UiPath ecosystem. Local user accounts automatically become members of the Everyone group, which grants them the User role.

This role is granted to all accounts that are in the default groups Everyone, Automation Users, or Automation Developers.

This role provides read-only access to pages, such as the Home page, Resource Center (if available).

They can view and access the provisioned services for their current tenant. However, the content they can view and the actions they can perform within each service depends on the service-level roles assigned to their account.

Service-level roles

Service-level roles control access rights and permitted actions within each of your UiPath services, such as the Orchestrator service, or Data Service. The permissions for each service are managed within the service itself, not from the organization Admin page.

To grant permissions for a service to accounts, you can do the following:

Assign service-level roles to a group to grant those roles to all member accounts - you do this in the service.
Add accounts to a group that already has the required service-level roles - you do this from Admin > Accounts and Groups.
Assign roles to an account - you do this in the service.

On this page

Groups and roles
Organization-level roles
Organization administrator role
User role
Service-level roles

Was this page helpful?

PREVIOUSManaging access

NEXTRole management

Support and Services

Get The Help You Need

UiPath Academy

Learning RPA - Automation Courses

UiPath Forum

UiPath Community Forum

Trust and Security

Cookies Policy