orchestrator
latest
false
UiPath logo, featuring letters U and I in white

Orchestrator user guide

Last updated Aug 6, 2025

Migrating from break inheritance to union of privileges

The union of privileges access model improves access control across all users. It grants users access levels by combining explicit and group-level access. As a result, each time you add or remove a privilege to or from a group, all users who are part of that group become subject to the updated privilege check.

The break inheritance model refers to a scenario where any changes to the associated set of privileges at the group level are not automatically propagated to the users who are members of that group. This means that, once inheritance is broken, updates made to the group’s privileges do not reflect in the user's access, unless the user is removed and re-added to the group, or the user is recreated in Orchestrator.

Note: This change impacts the following set of privileges:
  • UI Profile settings (No UI access, Personal Workspace only, Standard Interface)
  • Update policy settings
  • Enable user to run automations
  • Create a personal workspaces for this user

Permissions already work in the union of privileges model.

Post-migration behavior

After migrating from the break inheritance model to the union of privileges model, users no longer receive access only from directly assigned roles. Now, users inherit both roles and profile settings from their groups. This shift ensures a more unified and predictable access experience.

The key changes are:
  • Previously, users received only the roles from their groups.
  • Now, they also inherit settings such as interface access level or attended robot permissions.
  • If a setting is explicitly configured for a user, it overrides the inherited group setting.
  • Several permissions are now displayed as drop-downs instead of checkboxes.
  • The Robot Settings section was renamed to Advanced robot settings and repositioned.
  • Direct settings are displayed in the left pane, while inherited settings are summarized on the right side in the Summary card.

Once the migration is complete, check the new behavior as follows:

  1. Go to the Manage Access tab.
  2. Select the Access Rules tab, then Users, and then select the Assign user button.
    The Assign access rules page is displayed.
  3. Search for a user. On the right side of the page, the Summary card displays with the current permissions of the selected user.
  4. If the account already has access rules assigned at the tenant level, select the Edit button to modify access rules.
  5. Under Configuration, in the Additional roles field, assign additional existing roles to the user, or select New role to create and assign a new role.
    Under Settings, UI Profile has the Standard default option.
  6. For Personal automation setup, choose one of the following:
    • None
    • Enable user to run automations
    • Enable user to run automations + Personal workspace
  7. For Client binaries (Robot, Assistant and Studio) auto-update policy, choose one of the following:
    • None
    • Latest patch
    • Latest version
    • Specific version
    The following options are available only for users and robot accounts.
  8. Under Unattended setup - Unattended robot setup, choose one of the following options:
    • None
    • Unattended robot using predefined VM credentials
    • Unattended robot using custom Windows credentials
  9. For Advanced robot options, configure any of the following options:
    • Logging Level
    • Allow Development Logging
    • Login To Console
    • Resolution Width
    • Resolution Height
    • Resolution Depth
    • Font Smoothing
    • Auto Download Processes
  10. Select Update to finish the user configuration.

Summary card

A new Summary card interface is available in the updated access control experience. You can easily check the following settings from this card:

  • All effective roles and settings for a user.
  • Sources of those privileges (for example, direct or inherited)
  • A clear summary of how the current configuration.

The Summary card allows an immediate overview of all user permissions and their sources. This helps avoid misconfiguration or redundant role assignments.

  • Migrating from break inheritance to union of privileges
  • Post-migration behavior
  • Summary card

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo
Trust and Security
© 2005-2025 UiPath. All rights reserved.