Joshua Sanders Posted October 9, 2018 Share Posted October 9, 2018 I apologize if this is something someone has already asked. As part of PCI (DSS 8.5), we are looking into what to do with certain systems that we will not be able to delete/disable the general admin/root account on. If we were able to enable an approval process with the check-in, ie. User sees password#1 (s)he wants access. User initiates check-out of password. Password List administrator receives email to approve. User is granted access to password. Is any of this possible with PasswordState? Link to comment Share on other sites More sharing options...
Fabian Näf Posted October 9, 2018 Share Posted October 9, 2018 Hi Joshua Passwordstate gives you the possibility to request an access to a password or passwordlist by clicking on the passwords menu (the first icon) on the lefthand side. Through this option you can request an approval from admins of the Passwordlist/Password. Permissions can be get only for a certain time window or can need a handshake approval (two person). There's also an other feature which could be interested for you: When you have an account properly setup with password rest options you can use the checkin/checkout feature. This will show a Password only after it has been checked out by the user. After the work has been done, the password needs to be checked in again. Then the password reset comes into play, it will immediately generate a new password and set this new password on the related system. So no one (expect passwordstate) will ever now the current password and the user can't write it down. Best regards, Fabian Link to comment Share on other sites More sharing options...
Joshua Sanders Posted October 9, 2018 Author Share Posted October 9, 2018 Fabian Näf, Thank you. Can I have it setup so my users can see the various password lists and passwords but not be able to access them? This way they aren't guessing on a search term but can easily browse to the appropriate password list (network equip, Windows accts, etc). and request the password from there? Link to comment Share on other sites More sharing options...
support Posted October 9, 2018 Share Posted October 9, 2018 Hi Joshua, With the 'Request Access to Password Lists menu', you can browse the Password Lists here, then click on one of them, then view the individual records contained within it. We're also just starting to redesign this feature, and we were considering changing this so you had to instead search for everything, instead of showing records by default. So we're curious as to why your users wouldn't know some sort of search term for the record they need access to? Thanks very much. Regards Click Studios Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.