Visibility/available OTP actions if permission 'view password' not granted

Hi,

If on a credential entry (with OTP code) the view password permission is disabled for the user, the Copy One-Time Password and View One-Time Password actions are still available for the user.
We would expect it to not be available here either with this permission setting.

Looking forward to hearing from you, and feel free to contact me in case of any concerns.

Regards, Marcel

All Comments (2)

Hello Marcel,

This is expected behavior. The View Password permission grants the right to view the OTP seed key, but you are still able to view the OTP code.

If you do not want a user to view the OTP, you would need to create a separate OTP entry.

The reasoning behind the decision can be viewed in this thread: https://forum.devolutions.net/topics/36249/otp-permissions-create-a-specific-permission-or-allow-all-users-to-vie

Best regards,

Richard Boisvert

Thanks for your explanation and reference thread, Richard.