Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BPE - BP UI automation - Roles assigned - Tree view error

Walter.Koller
Level 12

3 weeks ago - last edited 3 weeks ago

Hello,

I wanted to automate Blue Prism to generate a report of all users and their assigned roles. 
Although I much appreciate if anyone knows a better way to get this information for AD managed roles.

I worked my way to the point when it actually comes to read the assigned roles and I am not able to read the tree view representation of those assignment. I am using Win32 spied tree view, like I already successfully did for user roles and user list, but for some reason I get an error in the user role pop up window.

This pop up is here: Security tab, User Roles, right upper hamburger, User details, Roles and Permissions tab

WalterKoller_1-1755075836256.png

Spied element

WalterKoller_3-1755076023340.png

 

WalterKoller_2-1755075898936.png

Navigate stage

WalterKoller_4-1755076084139.png

Error message

WalterKoller_0-1755075561975.png

I am doing the exact same steps for other tree views in BP UI and they work just fine by using either text or index. I have tried both Select Item parameters for the problematic one, and neither index nor text works. 

The error message is also kind of weird by saying 'the operation completed successfully'.

Also strange is that I can successfully use Expand Item action on the very same UI element with the very same Item Text parameter and it works. 

 

Many thanks in advance,

 Walter

 

edit: I am using BP v7.3.2 both for automation and to be automated

0 Likes
8 REPLIES 8

Michael_S
Community Team
Community Team

3 weeks ago

Tagging @harish.mogulluri and @Neel1 on this one, any ideas?

0 Likes

MilanPinter
Level 3

3 weeks ago

Do you have read access to the database? It would be much easier and more efficient.
SELECT *
FROM [xxx].[dbo].[BPAUserRoleAssignment] ura
LEFT JOIN [xxx].[dbo].[BPAUser] u ON ura.userid=u.userid
LEFT JOIN [xxx].[dbo].[BPAUserRole] ur on ura.userroleid=ur.id
WHERE username = 'Walter.Koller'

 

0 Likes

Walter.Koller
Level 12
In response to MilanPinter

3 weeks ago

Hello @MilanPinter 

Thanks for SQL. This was also my first idea to query the DB tables directly. Unfortunately are those tables empty in our environments as we use Single Sign-On.

I was hoping this was changed in 7.x as this version does AD caching and its sync of AD users takes significantly longer, and there would be a user role assignment of cached users stored in DB. Unfortunately the BPAUserRoleAssignment table has still only one row: Anonymous Resource assigned to user named NULL. 😉

Kind regards,
 Walter

 

MilanPinter
Level 3

3 weeks ago

That's interesting. We're on version 7.1, using both native and SSO, and we have this table populated with all AD user details. Do you use an authentication server? We're on native authentication here. Also, do you manage your Blue Prism roles through Active Directory?

0 Likes

Walter.Koller
Level 12

3 weeks ago

We don't use authentication server 

WalterKoller_0-1755154452126.png

We don't use mixed authentication but SSO only

WalterKoller_1-1755154505396.png

Roles are managed in AD

WalterKoller_2-1755154544101.png

Out of 66 roles and 37 active users, there is only one role assignment in the DB

WalterKoller_4-1755155011751.png

 

best regards

 

0 Likes

Walter.Koller
Level 12

3 weeks ago

@MilanPinter it would be interesting to know what your configuration is. We might then just create a temporary environment with similar settings to query this info from DB instead creating more complex workarounds on UI (which doesn't work for Role assignments in BP UI).

Thanks

0 Likes

MilanPinter
Level 3
In response to Walter.Koller

2 weeks ago

We are using Blue Prism 7.1.1 with both AD and Blue Prism Native authentication. Role membership is managed within Blue Prism, not through Active Directory. To retrieve users for a given AD group, you may need to query Active Directory directly. I assume the association between role membership and the AD group can be found in the Blue Prism database somewhere?

0 Likes

Walter.Koller
Level 12

2 weeks ago

OK, if role membership is maintained in Blue Prism and not in AD, then the DB has to store this information.

BP user roles mapping to AD groups can be found in this tables:
from
BPAUserRole ur
left join BPASSOGroupRoleMapping grm on grm.RoleID = ur.id

 

Querying our AD was always a problem until recently, as they (>100 AD) have to meet high security requirements of federated companies in an international holding. Eventually, shortly after creating this thread, we managed to get meaningful results from AD queries. 
I didn't 'close' this thread as my original question was primarily regarding Win32 features not working. (And we might need this approach maybe later when we move to Entra ID and AD topolgy becomes even more complex)

My secondary question about possible alternative ways to get this information was answered though. Thanks @MilanPinter for your input!

Kind regards,
Walter

0 Likes