VPN/tunnel/gateway rights

Hello,

Thank you for your request. I just noticed that you also asked a similar request for the session recording field and even if I didn't mention it, the request that we received is also about those two fields, Gateway and session recording. As I said in the other thread, we have internal discussions to see what could be done. We will post back here once we have an update.

Best regards,

I am throwing our hat into this ring also as we have policies to always force GateWay proxies and recording of sessions for our PAM users. Looking to control this feature from the server side if forced and not allowing RDM to override it. We already force RDP, Folder, Web tentry templates which we can configure for this, just need it so end-users connecting to our Devolutions/PAM server to override it locally.

+1 to a interest in this feature as well.

Yes, I have also addressed this and if a user is connecting to my Dvls\PAM server then my server should control both gateway and recording.

At the moment it's possible to disable VPN/tunnel/gateway settings when a user has edit rights in a vault. Setting up Devolutions gateway in VPN/tunnel/gateway is always a company policy and should be forced by inheritance so when a user adds a new entry session recording is configured by the settings on the vault and can't be changed.

@hjbos
Right now, users with edit access can turn off VPN or gateway settings. But company rules should force these settings to stay on, so new entries always follow the vault’s recording rules and can’t be changed.

Hello,

Thank you for your interest. We forgot to update that thread, but we released an improvement for that with version 2025.2. We added 2 new permissions: Edit VPN/Tunnel/Gateway configuration and Edit session recording configuration. So it is now possible to remove those permissions from your users so it will be mandatory to use the Gateway and/or record the session.


Let us know if that helps in your situation.

Best regards,