Devolutions ForumDevolutions Forum

How to prevent users from adding user specific session credentials

How to prevent users from adding user specific session credentials

avatar
tg

I've found that user specific settings (and having a private vault) can be prevented by an RDM Administrator in Administration -> Data Source Settings. However, this is global. I'd like to prevent these abilities for some users only, which would require it to be a user specific setting. Is there some other way to achieve this?

PS. Actually, I don't think so - but 'm too new to RDM to know for sure, so I didn't post this into feature requests.

Best regards, Thomas.

All Comments (3)

avatar
tg

Oh, and then I'd like to hide credential definitions in the shared navigation pane from some users. So what I'm suggesting is that the user permissions are extended to have these options:

* prevent user specific settings
* prevent local specific settings
* disable private vault
* hide credentials items in navigation pane

Actually, a "security lock down" option that combines all these would be enough for me.

Best regards, Thomas.

avatar
David Hervieux

Hi Thomas,
This is not supported per user but I will add this to our todo list. We plan to improve the security system in RDM 12

David Hervieux

avatar
tg

Many thanks in advance, David.

It will be interesting to see where RDM 12 is heading with respect to a "kiosk mode" for less privileged colleagues. In the meantime, I've spotted a couple of things that should be invisible in that scenario too, like the "dangerous" options available in the "open with parameters" context menu and dashboard, that allow picking other credentials or templates.

Basically, in that kiosk mode for colleagues, I'd like them to be able to use what I specify (in terms of credentials and templates) and not something they could invent on their own to gain higher level access. It's not that I wouldn't trust them, but an ISO27001 auditor should not.

On that level, it would be helpful (maybe, depending on your concept for RDM 12) if access permissions could be applied to shared templates. Other thoughts on this:

** Maybe make shared templates visible in the navigation tree so that access permissions can be applied to them and/or they are only valid in a certain sub-tree, like credentials.

** Maybe user View permissions should be split into "application can use it" and "user can view it". This could be helpful for other scenarios as well, i.e. to hide away credentials nodes while still permitting their use. And it could/should prevent users from copying templates from shared to local, which currently works although they cannot view (or edit/add/delete) them directly in the shared location.

That being said, I wish you good luck with your improvements of the security system in RDM 12 ... :-)

Best regards, Thomas.