Search the Community
Showing results for tags 'auditing'.
Found 2 results
Hello, I tried to see if this issue has already been brought up but did not find anything. It has been brought to my attention, the following scenario: A user browses a website, lets say "https://portal.office.com" where they have a password entry saved in their private password list. We also have a high number of shared passwords that have the same URL. When the user browses "https://portal.office.com" the auditing log shows that the user "retrieved password" for every password we have in the database using that URL. I feel that this process should be revised (assuming it has not been yet as we have yet to update to the latest version). There shouldn't be an audit entry stating that the password was retrieved unless it was actually pulled and used. Maybe pull a list of titles/usernames and audit that but not the actual password unless it is intended to be used by the end user. This fills up the auditing log and could cause for some confusion when a user is showing tons of password pulls when they did not intentionally do so. Has anyone else run into this? Thank you.
Hey Everyone, Hopefully someone can help me with this. Im looking to create a new local user in Passwordstate (v7.6 build 7676) that only has access to Auditing in the Reports Menu, but can see all records. I have created a test user that has this specific access but the only records the user can see in the reports is concerning themselves. Is there a way of setting this up ? Thanks Alan