Jump to content

Request Access to folder (and nested Items)


Mario Härdi

Recommended Posts

Hi, 

 

is there a possibility to enable the function "request access to Folder and nested items?

That would be a great function if you have many passwordlists within one folder.

 

Actually it is Possible to request access for a Password or a password list but not for Folders.

 

Is there a chance to get this function in an future build?

 

Thanks and best regards,

Mario

Link to comment
Share on other sites

Hi Mario,

 

We do not have a feature where you can request access to an entire folder, but you can definitely request access to any Password Lists or individual password records. If you go to the Passwords menu on the left of the screen, you will see the 'Request Access' menus.

 

We do plan on re-working the entire Request Access at some stage, and we'll consider your folder request at the same time.

Regards

Click Studios

Link to comment
Share on other sites

8 hours ago, support said:

We do plan on re-working the entire Request Access at some stage, and we'll consider your folder request at the same time.

 

On this, I had a discussion today with our security team as we look at expanding the usage of Passwordstate further, we need the ability to have multiple approvers to approve an access request, where they don't have to be logged in at the same time. So pretty much a less fancy version of handshake approval; as well as the ability to not let users decide who will approve the request via the request access dialog screen (Currently they can select individual list admins, or it defaults to all list admins, we need to be able to disable this).

 

Link to comment
Share on other sites

Hi Sarge,

 

There's a few things we need to think about with this redesign, and any input you have would be greatly appreciated. Here are some thoughts:

 

We're considering making this a workflow approval via email, so the approvers only need to click a link in an email to approve/deny.
 

How would we choose who the approvers are? Do we:

  • Pick any two Admins on the Password List and email then
  • Have somewhere to specify who the two Admins should be
  • Do we need to allow for an approver who does not have Admin rights to the Password List
  • If there are no Administrators for a Password List, who do we send the requests to
  • And we'd need an option to specify if the request goes to one Admin, or two, or more - not all customers would want "dual" approval

Just some thoughts off the top of my head :)

Regards

Click Studios

 

Link to comment
Share on other sites

3 hours ago, support said:

We're considering making this a workflow approval via email, so the approvers only need to click a link in an email to approve/deny.

This will certainly be a good addition for some customers, however I wouldn't like to see the in-application approvals disappear.

 

3 hours ago, support said:

Pick any two Admins on the Password List and email then

Nope, see below.

 

3 hours ago, support said:

Have somewhere to specify who the two Admins should be

(I don't have any clue what this new mode of approval would be called, so lets go with "Other" for now)

When creating the password list and specifying the approval settings "Handshake Approval" or "Other".
When choosing Other a setting of "Users who approve access" with three sub-options of "List Administrators", "Specific Users/Groups" or "Specific List Administrators and/or Specific Users/Groups".

 

The first option is pretty obvious - list administrators approve requests.
The second option is pretty obvious - only specific users or groups approve requests

The third option is basically a completely custom setup - If someone wants all or specific list administrators PLUS a "security" user to approve requests.


In addition to approvers, list settings should dictate how many people are needed to approve requests - a customisable number. Want 4 users to approve requests before someone can have access? Then enter 4, and when choosing the users in the options above, it will throw an error if there is less than 4 approvers specified.

In our instance, we want list administrators (Our teams admins, which vary from 1 admin on a list to 3) plus our security officer.
So we would specify the list to have 2 approvers required, and use the third option, choosing any number of administrators plus the security officer. 
The net result being the list requires 2 approvers, but we've configured all admins of the list (3) plus the security officer. (Total of 4 approvers configured)
Since our list has 4 approvers configured/notified about a request, but only 2 are required "first in first served" basis applies. This is where the in-application approval would be useful - the approvers get emails saying to login to approve the request, where the application can show previously actioned requests as well as outstanding ones (as well as more information about who can approve the request, who has, who is looking at it etc)

 

4 hours ago, support said:
  •  Do we need to allow for an approver who does not have Admin rights to the Password List

I believe so. 
A lot of enterprise clients will have security officers - those users don't need the passwords, just the ability to authorise access requests.
Our security officer would be configured to have no access to any password lists besides those he's requested access to (or maybe a private password list), and would have the ability to view auditing data/reports; and approve requests. 
 

4 hours ago, support said:
  •  If there are no Administrators for a Password List, who do we send the requests to

Is that even possible? If so, should it be? How do those lists get deleted or modified?
If a password list isn't getting permissions for someone (or some group) set as Admin permissions, the creation process should fail in my opinion. 


However, to answer the question, that would be an outlier situation where the creation process should be able to recognise there is no administrator for the list, and there for the "Other" approver option should be configured.

 

4 hours ago, support said:

And we'd need an option to specify if the request goes to one Admin, or two, or more - not all customers would want "dual" approval

I just went to answer this but apparently I already have lol.

 

On a side note, is there password requirements for the application itself?
I got asked that question today and I couldn't answer it lol.

Link to comment
Share on other sites

Hi Sarge,

 

Thanks for the feedback - it's much appreciated. We'd need to consider all the options you specified, as it does sound reasonably complex to code, which means it might also be a little confusing for customers - but at least it we give them options, they can choose.

 

And yes, Password Lists do not need anyone Administrator's assigned to them - Security Administrators can manage them from within the Administration area if required.

 

Can you also provide a little more detail for the question "is there password requirements for the application itself" - I don't know what you mean by that - sorry?


Regards

Click Studios

Link to comment
Share on other sites

27 minutes ago, support said:

Can you also provide a little more detail for the question "is there password requirements for the application itself" - I don't know what you mean by that - sorry?

Forms based authentication for Passwordstate, do users have password requirements? Minimum characters, complexity etc.

Link to comment
Share on other sites

Thanks Sarge - I didn't think of that, as the majority of our customers integrate authentication with Active Directory.

 

So, we do not enforce password strength on these logins, but we do prevent re-using passwords, and the stronger the password you enter, the less frequent you will be asked to reset it.

Regards

Click Studios

Link to comment
Share on other sites

  • 2 months later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...