Deny access to folder in a vault for a group with access to the rest of the vault
Deny access to folder in a vault for a group with access to the rest of the vault
Hi,
With our local SQL datasource we are able to allow groups of users access to a vault but deny them access to a specific set of folders in a vault (i.e. for privileges information that should be accessible to a subset of users instead of all users with access to the vault).
I'm attempting to do the same on a vault in Password Hub Business but there's no clear way of removing the inheritance on a folder. I can define the groups as readers (not exactly what I want but at least the privileged info is not visible) but users still seem to have access to the information. It looks like the permissions are maintained from the inheritance.
Is there a way to achieve this without having to create a new vault just for the privileged info?
Best regards,
Jelle Hillen
All Comments (1)
Hello,
With Hub Business, there's no way of denying access to a folder once granted. There's no option to remove inheritance on a folder like SQL-Server or DVLS. (Permissions are always cumulative.)
To simulate what you are looking for, you need to utilize the restricted role on the vault. This role only has access to view the vault by default nothing else; no entries, no folders.
Afterward, you can assign the correct permission on each folders.
Have a good day!
Maxime Morin
8dd48d73-26a8-4144-baf8-26c2204d35f4.png