Permissions in RDM

Hi @ricunhaneves
I faced the same issue but on a larger scale and encountered the same as you - team B needed access to a folder/entry that only team A had access to (in my case it was Level 1 v Level 3 support team permissions)

Taking your example in our context i ended up with the below and what to do when we create a new entry initially for TEAM A access, then if TEAM B needed access what to do
Not very elegant but achieved the result but required hours of work and careful documentation of the pattern of access.

TEAM A - Level 3 support Team
TEAM B - Level 1 support Team

-- Vault Root -- Everyone View Only

-> Folder Root (Level 3 Support Team) – Team A: Full permissions | Team B: No permissions

-> Folder 1.1 – {Inherited} Team A: Full permissions | Team B: No permissions

-> Entry A – Inherits permissions from Folder 1.1

-> Entry B – Inherits permissions from Folder 1.1

-> Folder Root (Level 1 Support Team) - TEAM A: No Permissions | Team B: View and Connect permissions

-> Entry A (Shortcut) – Inherits permissions from "Folder Root (Level 1 Team)" foler

ie. The only way I could make this really work was to change the Vault defaults, then set up a new root folder where all the shortcuts lived for TEAM B access.
The downside of all of the rework was that every entry in our system as we relocated and resorted entries was that the last update was changed for every folder entry as we also needed to make sure intermediate folders hadn't aquired any incorrect permissions.

Hello,

Thank you for contacting us regarding this matter.

The permissions depend on the data source you are using. Could you please let me know which data source you’re working with? Once I have that information, I’ll be able to provide you with a clear explanation.

Best regards,

Hi Tommy.

We are using Devolutions Server as Data Source.

Regards,
Ricardo Neves

Hello,

Thank you for your response.

The permission structure in DVLS is similar to SQL permissions. You can configure them individually. By default, permissions are inherited from the higher level—starting at the vault and cascading down to its subfolders and entries.

You can assign permissions to both users and groups. Please refer to the following documentation to correctly configure your permissions:

• https://docs.devolutions.net/server/web-interface/administration/configuration/system-settings/vault-management/batch-grant-access/#permissions
• https://docs.devolutions.net/server/web-interface/administration/configuration/system-settings/vault-management/permission-sets/
• https://docs.devolutions.net/server/web-interface/user-groups-based-security/permissions/

Let me know if you have any questions or need further assistance.

Best regards,

Hi @DMOZ
Our situation mirrors yours, where we have configurations for a vast number of entries across multiple vaults and various teams requiring access. We've configured permissions to ensure each team only sees the servers assigned to them. However, certain servers need to be accessed by more than one team. Essentially, we have extensive trees with numerous folders within each client for different teams.

@Tommy Sanders thank you for your response.

Permissions were set up based on your documentation. We're still encountering issues with entries that have shortcuts in other folders.

Regards
Ricardo Neves

Hello,

Thank you for your response.

Since both of you need assistance with permissions in DVLS, I’m sharing a training video that may be helpful:
Managing Entry Permissions – Devolutions Academy

If the video doesn't resolve your issue, I’d be happy to open a support case and schedule a remote session for us to go over it together.

Please let me know if this helps.

Best regards,