Permission on subconnections
Hi!
I have a "Host" entry with several subentries (URL, ssh, VNC, RDP).
I have different user/groups. Some users/groups are allowed to use ssh, some not.
Depending on user/group I want to use different credentials for RDP.
How can I realize that? I only can set permissions to the "Host" entry, not to the subentries.
CU,
Timo
All Comments (5)
Hello,
Thank you for contacting us regarding this !
Which RDM version are you currently using ?
What is your data source type ?
Best regards,
Hi!
Ah, failing to provide basic information. My bad.
I am using RDM 2022.3.31.0 64-bit
Datasource is a MS-SQL Server
CU,
Timo
Hello,
No worries !
Here's a blog regarding sub-entries which may be useful to you: https://blog.devolutions.net/2023/01/goodbye-sub-connections-hello-much-better-sub-entries-in-rdm/
As for your question, it depends. We do offer user specific settings, which would allow your users to have their own set of credentials for one particular RDP entry.
However, unless I'm mistaken, this is something your users will need to configure on their end while following this article: https://docs.devolutions.net/rdm/windows/commands/edit/setting-overrides/specific-settings/
They'll also need the proper permissions to make these changes.
Other than that though, I don't believe we have any way of making it so the admin forces a specific set of credentials in RDM for a particular user group for an entry.
I'm admittedly not sure about how you've configured your data source. However, if you're only using a single vault, perhaps a good way to implement what you wish to do would be to have multiple vaults with each vault being designed for a user group in particular.
Let me know if there's anything else I can help you with !
Best regards,
Hi!
If different credentials depending on a User/Group is not possible, I can use as a workaround two different entries. That is not the problem. The problem is, that I can not set permissions on a subentry.
This are the properties of the entry:
And this are the properties of a subentry:
The admin group shall able to use all entries and the support group have to be restricted to the RDP support entry (and one or two other) and not able to use the RDP admin entry or ssh for example.
I don't want to create a second host entry for the support group, but ATM I see no other solution. This would really annoying, because we not have only one host computer, but 4-12.
CU,
Timo
faf4ce25-492a-4b90-9dc4-c92b84335459.png
4ed78c5a-f12d-4ca9-b417-05efb1d7d186.png
Hello,
Unfortunately we don't currently offer the possibility of changing permissions within sub-entries.
This isn't something we currently have planned to implement, however we'll definitely keep it in mind should we find the demand is strong for this feature.
Best regards,