Default roles

IBM RPA provides five default roles to you start managing your users. These roles provide a starting point to create a secure environment based on users responsibilities.

You can create custom roles based on user responsibilities that you have into your IBM RPA environment. Follow the procedures on Managing roles to create custom roles.

The following topics shows the default roles and its description:

Platform administrator

Platform administrator users are responsible for managing and maintaining the environment.

SaaS offering
Selected employees of the IBM Robotic Process Automation team are Platform Administrator users.

On premises offering
After you install the IBM RPA server, the first user registered is the Platform Administrator.

This role has the following permissions:

  • Basic tenant management
  • Import and export dashboards
  • Manage chats
  • Removed in 23.0.3: Manage IVR mappings
  • Manage connections
  • Manage applications
  • Manage tenants
  • Removed in 23.0.3: Sync IVR users
  • Update service parameters
  • View user profile
  • List authentication providers
  • Manage authentication providers
  • View authentication providers

Tenant administrator

Tenant administrator users are responsible for managing the regular operation of tenants and their configuration.

SaaS offering
Selected employees of the IBM Robotic Process Automation team are Platform Administrator users.

On premises offering
The IBM RPA server installation defines the first user to receive Tenant Administrator role. This user can create new users on the first tenant.

This role has the following permissions:

  • Change tenant owner
  • Download scripts published to the tenant
  • Manage chat mappings
  • Manage computer groups
  • Manage computers
  • Manage credentials
  • Manage dashboards
  • Removed in 23.0.3: Manage IVR mappings
  • Manage queue providers
  • Manage queues
  • Manage teams
  • Manage user roles
  • Manage users
  • Update tenant configuration
  • View audit logs
  • View callback allowlists
  • Removed in 23.0.3: View IVR records
  • View user profile

Bot developer

Bot developer users are responsible for designing and developing IBM RPA bots. Architecting bots also entails designing operational and business dashboards for insights.

This role has the following permissions:

  • Create projects
  • Create workflows and processes instances
  • List computer groups
  • List computers
  • List connections
  • List bots
  • List projects
  • Manage bots
  • Manage counters
  • Manage dashboards
  • Manage machine learning models
  • Manage parameters
  • Manage projects
  • Manage queues
  • Manage scripts
  • Manage connections
  • Manage workflows
  • Run bots
  • Train machine learning models
  • Run bots
  • Use studio application
  • Use vault application
  • View bots
  • View credentials
  • View connections
  • View projects
  • View tenant configuration
  • View user profile

Business user

Business users can run bots to optimize their daily work such as configuring attended vault credentials and creating their own dashboards.

This role has the following permissions:

  • Create workflows and processes instances
  • List connections
  • List teams
  • List user roles
  • List users
  • Invoke bots
  • Manage credentials
  • Manage dashboards
  • Removed in 23.0.3: Manage IVR mappings
  • Manage machine learning models
  • Manage workflows
  • Manage connections
  • Train machine learning models
  • Use parameters
  • Use launcher application
  • Use vault application
  • View computers
  • View computers groups
  • Removed in 23.0.3: View IVR records
  • View locks
  • View user profile

Business operator

Business operator users can schedule bots and control their operations. They can also, monitor jobs, assign computers policies, view dashboards and run audit activities.

This role has the following permissions:

  • Create launchers and buttons
  • Create workflows and processes instances
  • List dashboards
  • List jobs
  • Manage computer groups
  • Manage computers
  • Manage jobs
  • Manage launchers
  • Manage schedules
  • Manage scripts
  • Release locks
  • Run bots
  • Train machine learning models
  • View and use chat mappings
  • Removed in 23.0.3: View and use IVR mappings
  • View counters
  • View credentials
  • View dashboards
  • Removed in 23.0.3: View IVR records
  • View parameters
  • View projects
  • View queue providers
  • View queues
  • View tenant configuration
  • View user profile
  • View workflows and processes

Obsolete roles

Roles such as Super admin, admin, and user are obsolete. Despite that, users who have these permissions aren't excluded. They continue with the same actions available before the implementation of RBAC.

If your tenant has users with one of these obsolete roles, update them to a proper new role.