Administrators give roles and users permissions to perform different actions.
Permissions are set at various levels:
Permissions apply to the entire data source. Permissions are related to:
•Entries (e.g. import/export).
•Logs and reports.
1. On the Administration tab, click Data Source Permissions (System Permissions). The current default setting is in brackets.
The permissions in Vault Settings apply to all the entries in the vault.
To set the permissions for the vault, on the Administration tab, click Vault Settings, then click Permissions.
There are many options. We want to draw your attention to two settings:
View Password: Change password visibility. A user can still open a remote connection in embedded mode without seeing the password.
Execute: Controls whether a user can use an entry (e.g. open a remote connection).
Restricted access sets all permissions to never. An administrator then gives rights to view items and perform actions, as needed.
The option Create vault with restricted access by default is enabled.
With restricted access, when you assign users to a vault you must give them permission to view the contents of the vault.
Restricted Access: Allow members of a role to see contents of vault
1. On the Administration tab, click Vault Settings.
2. Click Permissions.
3. Set Permission to Custom.
4. Set View to Custom.
5. Click Select roles or users. Choose the roles you want to view the vault contents.
Grant Access – Vault – Administration Windows
When restricted access is turned off, the permissions are set to default (everyone) at the vault root and permissions are inherited from the user (e.g. permissions set with restricted users).
You can change restricted access in Data Source Settings (System Settings) – Security.
Assign permissions to high level folders when permissions set at the vault level are not sufficient. When configuring access and permissions on folders you are creating an exception to the general permissions for the vault.
To edit permissions on a folder, select the folder and click Properties. Then click Permissions. On a folder, Default refers to the vault permissions (vault settings) or a higher level folder. The settings that are used are displayed beside the drop down lists.
Inherited Permissions in Folder Properties
Lower level folders can inherit permissions from parent folders.
You can set permissions on individual entries too. Select the entry, click Properties. Then click Permissions. Default refers to a parent folder. When the higher level folder is set to Default or Inherited, the entry will follow the permissions set at the vault root. The settings that are used are displayed beside the dropdown lists.