Reveal password only for certain folders

Hi,
This is not implemented. However it's good idea to make the reveal password inheritable. I will enter a feature request.

Hi!

Are there any news? That would be important for me!

Regards,
Stril

This is a major change and it's planned for the version 10

Hi!

Is there any schedule for a new major release?
That feature is extremely important for me. I do not want to allow my users to see all the passwords, but there are cases, where they need it.

...it is the only reason, I did not buy RDM for my whole team, yet :-)

Regards,
Stril
edited by Stril on 4/22/2014

Fall 2014. I can assure you that if that was a simple change, this would be implemented earlier.

Thank you for your answer.

I am looking forward to see that feature!

Hi!

Are there any news? I did just install RDM 10, but I could not find that feature. It would be quite important for us.

Regards,
Stril

Hi,
This was the only feature we cut in RDM 10. It still really high on my todo list.

Sorry for the inconvenient.

Hello David!

Is there anything new about that feature?
I really need a possibility to do that.

Regards,
Stril

This was not possible for RDM 10.5 but now we have a plan and we know how we will do it. This should be in RDM 11 for sure.

Hi David!

Is this feature included in RDM 11?

Regards,
Stril

Hi!

Is there anything new? I could not find the feature in RDM 11.

Regards,
Stril

This is one of the most requested feature but it also one of the most complicated feature to add. We decided the finish our mobile version before implementing a change in the security model. We are close to have achieve that and we should be able to redesign the right system.

Regards

Hi David,

is there any schedule for that feature? It was once planned for 10 in 2014.

Regards,
Stril

I prefer not give you a specific date but second quarter of 2016 should be good.

We would also like to see this feature implemented. Making reveal password an inheritable variable via security group would greatly enhance our DVLS set up. Thank you.

Hi!

Is there any update on that feature? We really need that feature to be able to use RDM with more users.

Regards,
Stril

This will be in RDM 12. I already have an internal prototype of the new security engine.

Regards

Hi!

Is there any schedule for RDM12?

Regards,

This fall. We are near the feature complete.

Regards

David

Does that also mean that in RDM12 "Allow Reveal Password" will become a permission that you can grant against groups?

Yes exactly.

Hi!

Are there any news about the release?

Regards,

Hi,
This is already implemented internally and it will be soon available.

Regards

Hi!

I just installed RDM 12, but I cannot find the new ACL system to allow or deny the "reveal-password-feature" for certain groups. The only butten, I could find, was the button "reveal for everyone"

How can I use that feature?

Regards,

Hi,
What data source type do you use? Also we found a bug in the folder dialog if you open a Local Data Source first. Just restart RDM and open your folder dialog. This is in Permissions section.

Regards

Hi!

I am using MySQL as data source. Is there any Limitation with MySQL and the "reveal-password-permission"?

Regards,

@Strill

The new permissions system is available with a SQL Server database. With MySQL, you can enable the reveal password permission at the user level, but not at the folder level.

I don't know if this will be available in MySQL. I will let David answer you on this, however he's in vacation this week. This will go next week.

Best regards,

Hello!

This is very disappointing. I have been waiting for that feature for about three years, and now it is VERY limited.

Regards,

Hi,
I have to be honest. Most of our development is done with SQL Server. For example, Devolutions only supports SQL Server. I understand you disappointment and we will try to add the support for that in MySQL. For this specific feature it's not a big task since most of the work is already implemented cross-database.

Regards

...so you would recommend me to setup a new SQL-Server as data source and to migrate from MYSQL to MS-SQL?

Regards,

Hi,
Yes if you want to eventually use Devolutions Server. If you can wait 1 or 2 weeks, we should be able to support Role based security for MySQL. I've talk to the dev. I think it's a good idea to wait. We are close to release it after 3 years waiting.

Regards

Hi David!

Thank you for your feedback. Thats good news.

Regards,

Hi!

Was it possible to add this feature?

Regards,
Stril

This is available in RDM 12.0.8.0 beta.

Have you tried it?

Hi!

I tried it in 12.0.8.0, but it does not seem to work:
There is the option to set the "view password" permission for a custom set of users, but the chosen users are not allowed to view the password in RDM.

Could you please confirm this?

Regards,
Stril

Hi,
Could you send a print screen in private of the entry security?

Regards

Hi David,

I could just clarify the problem:

The permissions are working fine and the configured user can reveal the passwort, BUT:

- The password is visible through "right-click, view password" on the entry in the tree
- The password is NOT visible in the properties section. The "eye-icon" is missing next to the password

Could you please check this?

Regards,
Stril

Hello,

I had a discussion with our engineering department and there's a difference between the View password and the reveal the password in the properties of the session.

Using the role-based permission, you can enable the View Password feature. This will allow you to view the password via the context menu -> View Password option like you have seen. To have the little eye in the properties of the session, you need the Allow reveal password permissions and this is configured at the user level in Administration -> Users -> Edit user -> Privileges -> Allow reveal password.

Best regards,

Hi!

I have to come back to that old thread, but I found a BIG security issue:

- User A is root-User (FULL rights)
- User B is limited (not allowed to reveal/see Passwords generally, but can Change items...)


Now, I user can easily Change the behaviour:
- User B changes permissions on the entry to "ALL" --> Reveal Password is "open"

If User B changes permissions to "Custom", the Reveal-Password-Permission is "Grey" (as it should be)


Same Thing happens, if User B changes the permissions of the Folder with the Connection.



Can you please check this? I am really worried. At the Moment, every user that can Change an entry can get the Passwords...


Regards,
Stril

One additional Info:

The Problem has been confirmed on MS-SQL and MySQL. Being able to Change anything about an entry makes it possible to give yourself the right to see Passwords...

Hello,

We should have something in the Data Source Permissions regarding this.

Let me verify and get back to you.

Best regards,

Thank you, Jeff.

Thats a big Point for me.

I had to take away the "Change" permission from all my users.


One additional Thing:
Sorry for writing so many capital letters, but there seems to be an Auto-correction...

Hello,

What RDM version are you using?

A good practice to prevent that is to set the root permissions (Administration - Root (Settings)) to Never like the following screen shot.




If you want to just prevent users to change the security, the Edit security permission set to Never will block it.




Best regards,

Hi Érica,

I am using RDM 13.5.0.0

I have tested your Workaround and it is working.

Hi!



Just to complete the thread:
The Workaround is only working, if the security-setting "is allowed to read Password" is only set for individual Connections.
If the right is set for ANY Folder, the user can move a Connection to this Folder to reveal the Password...


Is there any possibility to Change the permissions of multiple Connection as multi-select?

Regards

...any easier:
The user can create a Folder wilth "full-permissions" and move the Connections to this Folder to get the Password...

Hello,

To edit multiple folder permissions, you would need to go inView -> Advanced Search and then, select Connection Type in the first drop down and Folder in the second drop down.

After, select the folders that you want to perform the Batch Edit on it and do a right-click -> Edit -> Batch Edit -> Edit Entries (General Settings).

Best regards,