Disable personal vault for specific users

@Maxime Morin, here was my reply to the previous post. I had to delete it because I used the wrong account.
---

Hello,

Thank you for the feature request, it has been added to our backlog.

On a side note, user vaults are not meant for personal credentials; they are meant for business accounts. When you delete a user (i.e., an employee leaves the company), it's user vault can be restored as a shared vault in case you need to retrieve a specific business account of the deleted user.

For personal credentials, it's better to use Hub Personal (ideally, with a personal email.)

Have a good day!
Maxime Morin

Well, I'm obviously talking about nominative business account... and I think you didn't really understood why we are asking this.
We don't really care if someone register something personal like Facebook or Amazon, that's their problem.

So let's get another example, we create engineer1 and engineer2 account on Devolutions Hub for the contoso company.
There is something like 30 different engineers that could use these accounts from our MSP.
Everyone get an administrative account with their personal name and credentials for all our systems: Active Directory, vCenter, Switchs ... etc.

Today JohnDoe have to work on our infrastructure, he download Devolutions Launcher, use engineer1@ourcompany.com to connect to the system.
When he launch a session to a RDP it promprt for his personal password and do his job.
But what if JohnDoe connect to ourcompany.devolutions.app and register his nominative account for vCenter in it?

When he do this, all the employee from our MSP can connect using the shared account engineer1 or 2 to our Devolutions Hub and look for credentials in it.
It mean someone can use the credentials of JohnDoe even if it's not him or if not authorized to work on our infrastructure.
That's a big no no.


And the sad part in this story... Our MSP also have DVLS and full RDM license (unlimited, multisite etc) but since the RDM licenses are registered on a server they can't use their own RDM license to use it on our infrastructure.

Arnaud,
Please remember that if you are working in any organization under HiTrust (HIPAA), PCI, or SOX (Sarbanes Oxley), FSAP, and i believe GDPR compliance requirements, the use of shared accounts is non-compliant. All users should have named accounts that can be reflected in an Audit trail so that any potential security or breach can be effectively researched.

Hello Mark,
We're located in Europe so none of that apply here except GDPR. But it's absolutely not requesting this.

This is irrelevant:

All users should have named accounts that can be reflected in an Audit
trail so that any potential security or breach can be effectively
researched.

All users do have nominative account on the targets... There is nothing we can't track easily.

Hello Arnaud,

Thank you for the clarification on your use case. I think the proposed solution (adding an option to disable user vault on specific users) would mitigate your concerns. My side note was simply to let you know more about user vaults and their usages since you were using the term "personal vault".

Have a good day!

Hi,
Yes the proposed solution is perfect. English isn't my native language, sorry for not using the right termes/words.

Best regards

Hello,

No problem, we will let you know once implemented.

Have a good day!

Hi

Just curious, has this been implemented?
Could the request be extended so instead of a true false, then a dropdown (or two switches :) ) where it could be forced that the user used Hub Personal as user vault?

Regards.

Hello,

The feature has not been implemented yet.

Your extended idea is something that we've looked into in the past. The challenge is that most users shouldn't use the same email for their business accounts and their personal accounts. This means that we would have to switch often between accounts and it currently requires a full page refresh.

Have a good day!

Hello,
is there any update on this?

Focus is to disable "User Vault" for specific accounts only.
Lets say we have 2 accounts who have access to the DB.

Account A is connecting to the DB. The user has access to use the feature "User Vault".
Account B is connecting to the DB. The user does NOT have access to use the feature "User Vault".

Currently i only see an option disable it for everyone.
Thanks

Hello,

It's currently being targeted for 2025.1 which is expected in January/February if everything goes well.

Have a good day!

Hey,
i had found something...


Here can i disable the user vault for specfic user accunts, looks like this is doing the job for me!

Hi

I believe this setting only applies to this configuration of your RDM. If you connect workspace or have another computer where RDM is installed, this setting has no effect.
What OP needs, is an administrative way to force disable user vault.
Not make it up to the user whether to have it or not.

furkancevik is correct, this setting exists and applies to a single user but only with an SQL-Server data source; the same setting does not exist in Hub Business. That should be done by 2025.1.

That explains everything, thanks :D

Hello,

Since the release of 2025.1, it's now possible to disable user vaults by users instead of only systemwide.


Have a good day!

Hello Maxime,
Thanks you very much for the implementation.

This is very appreciated!