Plans in PE

Plans allow you to tie together tasks, scripts, commands, and other plans to create complex workflows with refined access control. You can install modules that contain plans or write your own, then run them from the console or the command line.

A plan is a bundle of tasks, commands, scripts, or other plans that can be combined with other logic. They allow you to do complex operations, like running multiple tasks with one command or running certain tasks based on the output of another task.

You can run plans using the tool of your choice: the console, the command line, or the orchestrator API POST /command/plan_run endpoint.

RBAC for plans and tasks do not intersect. This means that if a user does not have access to a specific task, but they have access to run a plan containing that task, they are still able to run the plan. This allows you to implement more customized access control to tasks by wrapping them within plans. See Defining plan permissions for information about RBAC considerations when writing plans or managing plan access.


If you have set up compilers and you want to use plans, you must set either primary_uris or server_list on your agents to point to your compilers.

If you are running multiple tasks or tasks within plans, make sure the task_concurrency and bolt_server::concurrency limits can support the number of tasks you need to run simultaneously. To adjust these settings, refer to Orchestrator and pe-orchestration-services parameters.