Jump to content
Sign in to follow this  
nick.welch

Requesting access to Passwords

Recommended Posts

Hi,

 

I've successfully setup passwordstate 7.0 and have been testing for a while now, however I cant see if it's possible to do the following..

 

Basically, we have two sets of users in our business..

1. Users who can see all passwords

2. users who can only see CERTAIN passwords/password lists, the lists they can see they MUST request access and it must be approved before they can access. They must not be able to request access or see any other lists than those they have access to.

 

I can see that passwordstate is capable of permissions, giving certain users/groups access to specific lists..

 

However, If a user does not have access to a shared passwordlist they can STILL see it (and the lists of passwords within it) from the 'Request access to password list' menu.

 

This is a BIG no no... I need to be able to hide password lists completely from people who should not even know they exist, even if they can only see that the password list exists and no further information.

 

Hopefully I am missing something simple..

 

Please advise.

Nick.

Share this post


Link to post
Share on other sites

Hi Nick,

 

Thanks for your interest in our software - it's very much appreciated.

 

Just about everything in Passwordstate is option based, so if you go to the screen Administration -> Menu Access, you can completely hide these two 'Request' menus from all users if you like. You will also need to hide the 'Toggle All Password List Visibility' under the 'Passwords' menu.

 

I hope this helps?

 

Regards

Click Studios

Share this post


Link to post
Share on other sites

Hi,

 

Thanks for your response.

 

However, If i disable these two request menus, how does the logged in user request access to passwords?

 

Sorry if this doesn't make sense.

 

I need the users to be able to have access to password lists, but when they need to see the actual passwords it needs to be approved first.

 

Other password lists should be completely invisible and non-requestable.

 

thanks

 

NIck.

Share this post


Link to post
Share on other sites

Hi Nick,

 

I think it's me that is getting confused :)

 

Those two Request menus do not show the users the passwords at all. If you go to the screen Administration -> System Settings -> Miscellaneous tab, there is an option to also hide the UserName, Description and Notes fields as well if you want.

 

Based on your original requirement, I don't think we have an option to help you with this - once you have been given access to a Password List, there is no option to request access every time. There are options for specifying a 'Reason' why you need to use a password record, and this detail is audited, and there are secondary authentication options you can apply to a Password List, but I don't think either of these is what you need.

 

Sorry, and please let me know if I have misunderstood?

 

Regards

Click Studios

Share this post


Link to post
Share on other sites

Hi,

 

Thanks again..

 

Yes you understood correctly..

 

So basically,  if a user has access to a password list then they can view the password without further permissions.... the most limited permissions you can give are view.

 

Is it possible to request this feature in a further release? Either another permission for password lists such as 'List Passwords Only'... or an option someone that states "non admin users must be approved to view passwords".

 

Otherwise, I cant see a way of controlling access to passwords? Either they see everything or nothing.

 

thanks

 

Nick.

Share this post


Link to post
Share on other sites

Hi Nick,

 

Thanks for the clarification, and we will consider this for a future release.

 

Something else to possibly consider:

 

1. From the screen Passwords -> Request Access to Passwords, the user could request access to a single password record

2. When the Admin approves this request, they can apply the 'One-Time Access' setting on the 'Time-Based Access' tab - so as soon as the user views/copies/edits the record, their permissions will be removed, and they will need to request access again next time

 

Regards

Click Studios

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...