ixp
latest
false
  • Introduction
      • Capability types
      • Choosing the correct capability
  • Access control
    • Account management
    • Accessing capabilities
    • Role-based access control (RBAC)
    • Managing access
    • Managing projects
  • Licensing
Important :
Communications Mining is now part of UiPath IXP. Check the Introduction in the Overview Guide for more details.
UiPath logo, featuring letters U and I in white
PREVIEW

IXP overview guide

Last updated Jul 14, 2025

Managing access

This section addresses to Automation Cloud users and contains information on how to manage your access in the IXP service.

Roles and their underlying permissions

This section contains an overview of the different roles and the underlying permissions they grant in the UiPath® IXP service.

In the Manage Access tab from the Administration page, you can assign roles to specific users. Each role comes with a predefined set of permissions, so you cannot assign individual permissions. Instead, you must assign the main role, which includes all associated permissions.
Note: All users can view other users in projects and tenants, but only administrators can modify users.

The following table contains a list of all roles and permissions, as well as a description of each role:

RolePermissionsRole description
IXP Service Admin

Audit Log - Read

Tenant - Manage

Grants full rights to the IXP service.
IXP Project Admin

Alert - Write

Appliance Configuration - Write

Bucket - Append

Bucket - Write

Comment - Manage

Dataset - Export

Dataset - Manage

Integration - Write

Source - Manage

Stream - Consume

Stream - Manage

Allows you to manage everything within a project such as users, integrations, sources, datasets, models, streams, and alerts. You cannot create or delete projects.
IXP Model Trainer

Alert - Read

Dataset - Review

Dataset - Write

Integration - Read

Source - ReadSensitive

Stream - Read

Allows you to view everything within a project. You can also review and label data, update dataset settings, and pin model versions.

You cannot create or delete datasets.

IXP Developer

Alert - Read

Appliance Configuration - Write

Bucket - Append

Bucket - Read

Comment - Manage

Dataset - Export

Integration - Write

Model - Manage

Source - Manage

Stream - Consume

Stream - Manage

Allows you to view everything within a project, upload or export data, configure integrations, pin models versions, manage streams, and consume predictions from them.

You cannot review and label data. Also, you cannot create, update, or delete datasets or alerts.

IXP Viewer

Alert - Read

Dataset - Read

Integration - Read

Source - Read

Stream - Read

Allows you to view everything within a project.

You cannot create, update or delete anything.

IXP Analyst

Alert - Write

Dashboard - Write

Dataset - Read

Integration - Read

Source - Read

Stream - Read

Allows you to view everything within a project and can create, update, and delete dashboards and alerts.

You cannot import, export, or review and label data. Also, you cannot modify or consume streams, or set up integrations.

Note: Since permissions are granted at the project level, users might need different permissions for different projects.

Permission types

Define the level of access granted to users for specific actions or resources.

Permission type

Description

Sources permissions Refer to the data your company uploaded for analysis.
Datasets permissions Grant access to datasets (i.e. named collections of labels), general fields and training data.
Streams permissions Grant access to streams, which allow you to take actions on newly ingested data.
Users permissions

(deprecated)

Allow you to view and/or modify users in their projects.
Buckets permissions Grant access to buckets, which are containers of raw data items that you can upload.
Integration permissions Grant access to integrations, which allow you to connect other services to the platform.
Utility permissions Include any permissions which do not belong to any of the other categories.
Note:

Buckets, integration, and utility permissions are typically only granted to programmatic users such as development engineers. In addition, these permissions are not required for the daily use of the platform.

Permissions

Note: The Modify users, View users, and Upload file permissions are deprecated because they are no longer required as standalone permissions outside of the available roles.
In the Manage Access tab from the Administration page, you can assign roles to specific users. Each role comes with a predefined set of permissions, so you cannot assign individual permissions. Instead, you must assign the main role, which includes all associated permissions.
Permission typePermissionPermission description
Service (only non-project)

Tenant - Manage

Create, modify, and delete projects and users for a tenant. Additionally, all admins on UiPath® Automation Cloud also receive this permission in the IXP platform automatically.

Service (only non-project)

Audit Log - Read

View audit logs.

Sources

Source - Read

View sources and the messages they contain. This is required to view individual messages on the platform.
Sources

Source - ReadSensitive

Grants Source - Read

View any user properties marked as sensitive, in addition to others.
Sources

Source - Manage

Grants Source - ReadSensitive

Create, modify, and delete sources. You must create sources via the API.
Sources

Comment - Manage

Create, update, and delete messages in a source via the API.
Datasets

Dataset - Read

View pinned and predicted labels on the datasets of the user. This is required to view individual messages on the platform.
Note: To view any data related to a source, dataset, or message in the platform both Source - Read and Dataset - Read, or their parent roles, are required.
Datasets

Dataset - Manage

Grants Dataset - Read

Update the properties of a dataset,for example, its description, sources, and general fields. Enable Quality of Service and Tone analysis.
Datasets

Dataset - Review

Grants Dataset - Read

Create, edit and delete labels, and pin them to messages in the dataset of the user. Add pre-trained labels.
Datasets

Dataset - Export

Export datasets via the user interface.
 

Model - Manage

Pin model versions.
Datasets

Dashboard - Write

Create or modify dashboards.
Streams

Stream - Read

View streams and their configuration.
Streams

Stream - Manage

Create, modify, and delete streams.
Streams

Stream - Consume

Fetch and advance the output of a stream.
Buckets

Bucket - Read

View information on raw data buckets.
Buckets

Bucket - Write

Add or remove raw data buckets.
Buckets

Bucket - Append

Upload data to buckets.
Integrations

Integration - Read

View information on external integrations.
Integrations

Integration - Write

Add or remove integrations with external services.
Utility

Alert - Read

View alerts, and issues raised by them.
Utility

Alert - Write

Create, modify and delete alerts.
Utility

Appliance Configuration - Read

Fetch appliance configs.
Utility

Appliance Configuration - Write

Upload new or replace existing appliance configs.

Custom roles

Apart from the default IXP roles, you can also create and manage custom roles. Adapting custom roles to the specific needs and permissions of users, helps you align more closely with the needs of your organization.

Custom roles are available at tenant level, or project level.

Tenant-level roles

The tenant-level roles can grant the following permissions:

Standard permissions:
  • Authorization / Action: Read
  • Authorization / Role: Read, Update, Create, Delete
  • Authorization / Role Assignment: Read, Update, Create, Delete
  • IXP: Audit Log - Read
Additional permissions:
  • Authorization / Role Assignment: Export role assignment data
  • IXP: Can perform service-level administration tasks, manage quotas, and create and delete projects.

Project-level roles

The project-level roles can grant the following permissions:

Standard permissions:
  • Authorization / Action: Read
  • Authorization / Role: Read, Update, Create, Delete
  • Authorization / Role Assignment: Read, Update, Create, Delete
  • IXP:
    • Alert - Read, Write
    • Appliance Configuration - Read, Write
    • Bucket - Read, Write
    • Bucket Item - Read
    • Dashboard - Write
    • Dataset - Read, Write
    • Integration - Read, Write
    • Source - Read
    • Stream - Read, Write
Additional permissions:
  • Authorization / Role Assignment: Export role assignment data
  • IXP:
    • Upload items to raw data buckets.
    • Create, update and delete messages in a source via the API or the UI, including CSV upload.
    • Export datasets via the UI.
    • Create and delete datasets. Grants all other dataset permissions except dataset export.
    • Create, edit and delete labels, and pin them to messages in the user's datasets.
    • Pin and unpin trained models and update their tags.
    • Create, modify and delete sources.
    • View any user properties which have been marked as sensitive, in addition to others.
    • Fetch and advance the output of a stream.
    • Create, modify and delete streams.

Creating a custom role

To create a custom role, proceed as follows:
  1. Go to the Administration page, and select Manage Access.
  2. Select Service, and then the Roles tab.
  3. Select Create role, and fill in the following fields:
    • Role name - Give your role a descriptive name.
    • Description - Optionally, provide a description.
    • Category - Choose between:
      • Tenant - You can assign this role at tenant-level, and consists of tenant-level permissions.
      • Project - You can assign this role to existing or new projects and consists of project-level permissions.
  4. Select Next to proceed to the permissions page.
  5. In the Standard permissions and Additional permissions tabs, select the permissions to assign to the custom role.
  6. Select Create.

Viewing a custom role

To view a custom role, proceed as follows:
  1. Navigate to the Administration page, and select Manage Access.
  2. Select Service, or a project folder, and then the Roles tab.
  3. Select the ellipsis for the custom role you want to view.
  4. Select View.

Editing a custom role

To edit a custom role, proceed as follows:
  1. Go to the Administration page, and select Manage Access.
  2. Select Service, or a project folder, and then the Roles tab.
  3. Select the ellipsis for the custom role you want to edit.
  4. Select Edit to modify the description and permissions of the custom role.
  5. After making the changes, select Update.

Duplicating a custom role

To duplicate a custom role, proceed as follows:
  1. Navigate to the Administration page, and select Manage Access.
  2. Select Service, or a project folder, and then the Roles tab.
  3. Select the ellipsis for the custom role you want to duplicate.
  4. Select Duplicate & customize, to create a copy of the role and modify its description and permissions.
  5. After making the changes, select Create.

Removing a custom role

To remove a custom role, proceed as follows:
  1. Go to the Administration page, and select Manage Access.
  2. Select Service, or a project folder, and then the Roles tab.
  3. Select the ellipsis for the custom role you want to edit.
  4. Select Delete.
    Note: Deleting a custom role also removes all associated role assignments.

Managing user and group roles

Important: Until all existing tenants are migrated to the new RBAC experience, you will still have the manage access experience as presented in the Managing projects documentation.
Note: You must have either the Service Admin role or the Project Admin role assigned to manage user and group roles.

To manage roles, proceed as follows:

  1. Once you log into IXP, select the gear icon.
  2. Select the Manage Access tab in the Administration page.
  3. Start managing roles in the Service or Project sections, depending on what roles you have.

Viewing available roles

To view the available roles for a specific scope, either a tenant or a project, proceed as follows:

  1. Go to the Manage Access tab.
  2. Select either Service or a specific project.
  3. Select the Roles tab.

To view the permissions that each role grants, select the eye icon for a specific role. For more details, check Roles and permissions.

Adding a user or group to a project

To add a user or Automation Cloud group to a project, you need to assign them a role. For more details on adding users to Automation Cloud groups, check Managing access in the Automation Cloud.

To add users or Automation Cloud groups to a project, proceed as follows:
  1. Go to the Manage Access tab, and select a project.
  2. Select Assign role under the Role assignments tab.
  3. In the Names field of the Assign roles side panel, enter the names of the users or groups you want to assign roles to.
  4. Select a name from the drop-down list, where all available users and groups in the tenant are displayed.
  5. In the Roles field, select from the drop-down list the roles you want to assign.
  6. Select Assign.
Note:
  • The Organization Administrator role - can update role assignments at the service level or in any project for any users in the tenant.
  • The Project Administrator role - can update role assignments in any project where they have this role.
  • The Service Administrator role - can update role assignments at the service level.
Figure 1. The project-level Role assignments tab

Figure 2. The project-level Assign roles side panel

Assign service roles to a user or group

To assign service roles to a user or group, proceed as follows:
  1. Go to the Manage Access tab, and select a project.
  2. Select Assign role under the Role assignments tab.
  3. In the Names field of the Assign roles side panel, enter the names of the users or groups you want to assign roles to.
  4. Select a name from the drop-down list, where all available users and groups in the tenant are displayed.
  5. In the Roles field, select from the drop-down list the roles you want to assign.
  6. Select Assign.
Note:
  • The Organization Administrator role - can update role assignments at the service level or in any project for any users in the tenant.
  • The Project Administrator role - can update role assignments in any project where they have this role.
  • The Service Administrator role - can update role assignments at the service level.
Figure 3. The service-level Role assignments tab

Editing or removing existing role assignments

To edit or remove any existing role assignments, proceed as follows:
  1. In the Manage Access tab, select Service or a specific project.
  2. Select the Role assignments tab to locate the user or group whose role you want to update or remove.
  3. Select the ellipsis for the user or group you want to edit or remove.
  4. Select Edit or Remove, depending on the case.
    1. Edit - allows you to add additional roles to the user or group, or remove existing ones.
    2. Remove - removes the user or group from the project. A warning pop-up appears, which states the action is permanent. Next, select the Remove button in the warning pop-up to confirm the deletion.

Access control for group-based project roles (Automation Cloud)

When you assign project roles to groups, the users part of those groups can access any projects the groups are added to. This means the users can view the data within those projects, which might not be appropriate for a large group of users, especially in regulated industries. For more details, check Understanding the data structure and permissions.

Access control for single sign-on (SSO)

As a best practice, when you use single sign-on (SSO), segregate groups at relevant and appropriate access levels. For example, if only a limited set of users should access a specific project, create per-project groups to provision access to that project. Otherwise, unauthorized people might access the data.

Note:

If strict segregation is required and data must not be shared across teams, consider using a separate Automation Cloud tenant.

Access control for Automation Cloud groups

When you use Automation Cloud groups, determine if everyone in the group should have access to the project data. This ensures that you only grant access to the right people and maintain proper data security.

Was this page helpful?

Support and Services
Get The Help You Need
UiPath Academy
Learning RPA - Automation Courses
UiPath Forum
UiPath Community Forum
Uipath Logo
Trust and Security
Terms of Use
Privacy Policy
Cookies Policy
© 2005-2025 UiPath. All rights reserved.