secret key show
as user I can't see secret key for generating OTP even I can add entry and set OTP while as admin I can see secret key and that is great.
Only I can't find which security permission is controlling that part if for example I want to give one user right to see secret key.
Same thing for backup codes.
As user I can add and I can see backup codes.
Here I would like to remove option that user can see backup codes if he don't have right or if he is no admin.
Regards,
Darko Bazulj
https://triton-grupa.hr
All Comments (2)
Hello,
The key for the OTP is only visible for administrators. There are currently no specific permission to allow other users to reveal this key, but we will consider adding one in the future.
For the recovery codes, you have access to them the moment you can edit the entry. We will discuss internally and see if this is the best way to go about it or if it would make more sense to bind it to a specific permission (like View Password or View Sensitive).
Regards,
Hubert Mireault
it is fine that only administrator can see secret key.
For recovery code it would be also nice that only administrator can see it or that you can control who can see it.
Regards,
Darko Bazulj
https://triton-grupa.hr