MC admin rights
To consultants that require admin rights to MC.
- Is there a way to assign admin rights to an MC user account or do they have to use the MC admin login?
Predefined User Roles Management Console provides roles that users can have.
- Roles are mapped to a user of a security group.
- User permissions are calculated based on the roles that are mapped to security groups the user is a member of.
You can modify built-in roles or add additional roles. The built-in roles are defined in the roles.xml file.
Built-in Roles Management Console provides some built-in roles that users can have.
You can also modify built-in roles or add additional roles by editing the roles.xml file.
• Project Administrator: A user with this role administrates one or multiple projects and has a right to assign a role to a group for these projects. This user has a view right to view RoboServer and cluster settings without changing them. The project Administrator is not a member of the RPA Administrators group (for more information, see later in this section).
• Developer: Developers have a right to upload, download, and view all resource types in the repository. A user with this role can create, edit, and delete schedules, run robots, view run logs and clusters.
• Viewer: Viewers have similar view rights as developers and the rights to change or run anything.
• API (This user logs in only as a service authenticating via the API): A user with this role can use the repository API to read from and write to the repository. A user with this role cannot run robots using REST but can run robots using RQL.
• RoboServer (This user logs in only as a service authenticating via the API): A restricted user that can only read from the repository. This role is used by RoboServers when accessing a cluster, retrieving repository items, and requesting passwords from the password store.
• Kapplet Administrator: A user who can create, view, run, and edit Kapplets.
• Kapplet User: A user who can view and run Kapplets. A user with this role cannot access Management Console if this user has no other rights. For more information on Kapplet user roles, see "Kapplets User Roles" in Help for Kofax RPA.
• Password Store client: A user with this add-on role can access the password store. The role is provided on top of other roles, just like the Developer role. This role only provides access to the password store in Management Console.
• DAS Client User (This user logs in only as a service authenticating via the API): This is a user that is created for remote Desktop Automation Service (DAS) clients, and can only access the DAS API. The DAS client user has a right to announce a DAS to Management Console, and retrieve the DAS configuration.
• VCS Service User (This user logs in only as a service authenticating via the API): The version control service user is granted a special set of rights for the Synchronizer. This role has the right to add, modify, and delete resources. This is the only role that can deploy on behalf of another user to use the "deployer" feature in the version control service.
• Process Discovery Client (This user logs in only as a service authenticating via the API): This role allows Process Discovery components to interact with Management Console.
The user admin is a superuser that has access to everything.
It is not a member of the RPA Administrators group and cannot be a member of any group.
The default admin user password is available (user: admin, password: admin). You can change the admin user password as described in "Reset password for user" in Help for Kofax RPA.
In an LDAP integration setup, the admin group is defined as part of the LDAP configuration. The admin user can then login and define which LDAP groups should be mapped to the Developer, Project Administrator, RoboServer, and other roles.
In an internal user setup, the admin user is created at first start and can then login and create Administrators, Developers, and other users. Built-in "admin" user special rights Beside being the initial user, the admin also has special rights, such as:
• In the RoboServers section in Management Console, admin can click a RoboServer node and request a stack trace from the corresponding RoboServer.
• Only admin can create and import backups.
• In the password store, admin can move passwords to another project.
Level of Complexity
Add any references to other internal or external articles
Article # 3035113