Hi,
(As you may have read in my other posts) I am currently reviewing Password Vault Manager as a tool to manage passwords for my company.
I recently noticed that I could not limit the permissions of an administrator user. I filed it as a bug, but Maurice Cote pointed out that it was by design.
Is it possible to foresee this possibility of limiting permissions in the future? So that if I would set the permissions as follows:
admin2 would NOT have access to the data entries in the security group called "admin2_secret".
In my view an admin can view all security groups and can grant permissions to any user (including himself) but it should be possible to exclude himself or other administrators from certain groups.
The reason why it is interesting to my company (and I'm sure also other companies) is because we have multiple small teams. Each team is more or less independent of one another; therefore each team will have its own administrator who can grant access to members of his team. Administrators of team A do not have interests in most of the passwords of team B; therefore it is best to just not show those passwords to these administrators.
This way an administrator will not be able to copy or view passwords by accident, since the steps that would be needed for that are:
1) granting himself permissions to the security group
2) then view the password of the data entry
Since step 1 is very, very unlikely to be performed by accident, it can be interpreted as bad intent. Just viewing a password which is in the list, by contrast, can be done more easily by accident, but on an auditing checkup it can be interpreted as bad intent as well.
I think one of the main strengths of your product is the generality and the possibility to deploy it for the company using site-based licenses. This will be one of my main selling points to management, but it would be handy to have the feature mentioned above to assure my colleagues that no other admins will see their passwords by accident and that they still have the possibility to work independently (provision their own team members).
Kind regards,
Peter
Permissionspwvault.jpg