Permissions on folders - How they work

[support]

Purpose:

This tip explains how permissions on Passwordstate Folders work.

 

Functionality:

 

• Permissions on Folders in Passwordstate are assigned automatically, and by design they will inherit their permissions from the Password Lists which are nested beneath them.  If a folder has several nested Password Lists, the Folder will apply the highest level permissions from all the Lists.
• By default, managing permissions manually on folders is hidden, but you can enable it by going to the screen Administration -> System Settings -> Miscellaneous -> Allow Permissions on Folders to be managed manually (managing permissions manually does not mean permissions are propagated downwards)
• This permission structure is specifically designed for the scenario where a user drags and drops a Password List inside a folder.  This Password List will not inherit its permissions from the folder, which could have potentially given access to many users who were not initially authorised access to the passwords.
• An Administrator of a folder structure can prevent non administrators from dragging and dropping Folders and Lists, by selecting the following option (This is on by default): 

 

 

• You can manage the permissions on Folder manually if you wish.  Even when administering Folder permissions manually, the same rule applies, where nested Password Lists will not inherit Folder permissions.  You can manage your permissions manually by highlighting the Folder and clicking Folder Options -> Manage permissions manually for this folder (do not inherit from nested Password Lists)

 

 

 

 

Example of a real world folder permissions scenario:

• We have a Folder called IT, with 3 nested Password Lists
• Also nested under this IT Folder is another Folder called Help Desk, which has an additional 3 Password Lists
• We want to give a Security Group called "Domain Admins" full access to every single Password List nested under the IT Folder, and Sub Folders
• We want to give a Security Group called "Help Desk" full access to only the Password Lists that reside under the Help Desk Folder

Set up the permissions quickly by using the "Administer Bulk Permissions" feature.  Do this by clicking Administration -> Password Lists -> Administer Bulk Permissions - (only a Security Administrator can do this, you must have access to the Administration Menu)

 

 

Select Security Group, and search for Domain Admins.  Highlight the 6 Password Lists that reside under the \IT Folder, and add them to the Administrator Permissions, and click Save

 

 

Now search for the Help Desk security group, and highlight only the 3 Password Lists that are nested below the \IT\Help Desk\ Folder.  Add them to Administrator Permissions, and click Save

 

 

 

Results:

When logging into Passwordstate as a member of the Domain Admins group, you will see the IT folder, and all Password Lists including the ones nested under the Help Desk Folder.

 

 

Or if you log in as a member of the Help Desk group, you will only be able to see the \IT\Help Desk\ Folder and the 3 Password Lists.  Notice you will not see Test Password List 1, Test Password List 2 and Test Pasword List 3  Password Lists directly under the IT folder, as you do not have permissions to view them:

 

 

 

 

 

Conclusion:

Best practice is to let Folder permissions take care of themselves, and manage the permissions on the Password Lists individually. If you have a large number of Lists in a Folder, you can minimise this task by using the "Administer Bulk Permissions for Password Lists" option.  To learn how to do this, click HERE