2nd layer of security to avoid bugs breach
all my servers are in the devolution online database, its is sorted in folders, each folder is linked to a security group and each user has access to specific security groups.
what happened today is a massive security breach, im the only one with administrator rights, one of the user opened his RDM and he had access to other security groups, groups he never had access to, no settings was changed, i have no idea how this happened but i simply cannot allow this to happen nor rely on the security group feature alone
is there an option to password lock the folders within RDM ? or anything similar to that ?
All Comments (7)
Hello,
What version of RDM are you running?
For your data source, you are using Online Database Enterprise Edition right?
Have you performed a CTRL + F5 to refresh the cache and then, he lost access to the folder that he shouldn't have access?
Best regards,
Jeff Dagenais
this is the version -
http://prntscr.com/n37vii
its the enterprise yes
and after a restart of RDM it was gone, problem is , one time is all it takes
would like to understand how this happened + can i make a folder password protected ?
Hello,
We have seen this kind of issue in the past when the Security Groups we're updated/modified and that the local cache of the user was not properly updated.
In your case, restarting RDM has updated the local cache and resolved the issue.
The Security Groups security system is an old system and we are replacing this system by our Roled Based Permissions system, which is more granular and flexible.
https://help.remotedesktopmanager.com/rolebasedsecuritysystem_simplifiedsecurity.htm
Unfortunately, this system is not supported inside Online Database and will not be added. If you would like to use a cloud database with our Role Based Security system, SQL Azure would be a good choice for you. For a bulletproof system, I would recommend Devolutions Password Server as your backend data source - https://server.devolutions.net/
Best regards,
Jeff Dagenais
if something like this happens in this system then its useless, the whole reason using RDM is to control who and when have access.
im days away from purchasing this database for a 1000$ a year, if no solution for this i need an alternative
and still have got an answer, can i lock a folder with a password?
Hello,
The alternative are proposed in my previous post.
No, it's not possible to set a password on a folder to access it.
Best regards,
Jeff Dagenais
u mentioned youre replacing it with Roled Based Permissions system
when will that be ready ?
Hello,
No, I didn't mentioned that. Let me explain it again.
The Role Based Security system is the security system that we have implemented in RDM 12 and now, it's the default one in RDM 14, except for Online Database, because this system is not available with this type of data source and will never be.
If you want to use this security system, you would need to use another type of data source like SQL Server, SQL Azure, MariaDB or MySQL as example.
If you absolutely need/want to stay with Online Database, the tips/workarounds that I can proposed are the following:
Best regards,
Jeff Dagenais