Roles & Permissions
Robopack provides granular role-based access control to manage who can do what across your organisation and tenants.
Available roles
| Role | Access level |
|---|---|
| Organisation Administrator | Full access to all features and settings. Required to add Instant Apps to Patch Groups. |
| Package Writer | Create, edit, and import packages |
| Package Reader | View packages (read-only) |
| Robopatch Writer | Create and manage Robopatch flows. Can only modify flows created by the same user. |
| Robopatch Reader | View Robopatch flows (read-only) |
| Security Writer | Manage roles and permissions |
| Security Reader | View roles and permissions (read-only) |
Some operations require specific roles:
- Adding Instant Apps to Patch Groups requires Organisation Administrator
- Robopatch Writer can only modify flows they personally created — they cannot edit flows created by other users
- Radar may not be accessible to all reader roles
Assignment methods
Direct assignment in Robopack
Go to Settings > Users, click on a user, and select their roles.
Entra ID group assignment
Assign roles through Entra ID enterprise application group membership. This is recommended for larger organisations as it automates role assignment when users are added to groups.
Automatic user provisioning
Robopack automatically provisions any new user who signs in with Entra ID, provided that the tenant is registered and the user has access to Robopack in the tenant's app registration. No manual user creation is needed.
Entra ID managed login
You can switch your organisation to Entra Managed login in Settings. This means all users must authenticate through Entra ID instead of username/password.
Before enabling Entra Managed login, ensure groups are configured with members so you do not lock yourself out of the organisation.
Two-factor authentication
For accounts using username and password (rather than Entra ID SSO), Robopack supports two-factor authentication using authenticator apps such as Microsoft Authenticator or Google Authenticator.
- Per-user — enable 2FA in Settings > Account
- Organisation-wide — require 2FA for all password logins in Settings > Account > Organisation Settings
Per-tenant permissions
In a multi-tenant setup, permissions can be scoped per tenant. See Multi-Tenant Management for details.