Assigning roles

[Guest Aaron Deel]

I have just installed passwordstate, and I'm working on setting it up.  I know this sounds ridiculous but, somehow, I just can't seem to find out where I can assign roles to the users that I've set up.

During setup, there is a section to "Create a Security Administrator Account", which I assumed it meant to create a new local account for security administrator, but apparently it meant to use an AD account.  So, I had a non-existant Security Administrator account.  No big deal, I just logged into the Emergency Management and set up the AD accounts that we intend to use for administration.

 

Now, I can access those accounts in the "User Accounts" tab, and I see "Role: Standard Account".  But I see no option to change that role anywhere in the User Accounts tab.

I looked into the Security Administrator tab, which shows no security administrators (because I deleted the non-existent account that I set up initially", and I see no option here to add a user to the security administrator role.

 

So, I read through this document, https://www.clickstudios.com.au/downloads/version7/passwordstate_security_administrators_manual.pdf

On page 55-56, under section 27, it states that a security administrator can assign roles and that you can assign roles using the Emergency Management........ but I don't see anywhere in the document that explains how this is done.

 

I also looked in the database itself, and I guess I could use SQL to add a member to the Security administrators table manually, but I assume there's more to setting up a security administrator than just adding it to the table.

 

I know I'm probably just dumb but and it's probably right there in my face, but I'm just not seeing it.  Can someone toss me a lifeline by chance?

[Aaron Deel]

It looks like I need to go under restricted features in the "Features Access" tab and unlock it.  When I post the generated code in the unlock field, I'm getting:

Description: An exception occurred while processing your request. Additionally, another exception occurred while executing the custom error page for the first exception. The request has been terminated. 

[Aaron Deel]

Alright, I get an error if I try to update the Restricted features from emergency.  So I went into the database and manually changed the ChangeSecAdminRoles to 1..... Apparently the application doesn't like that because now I get a database integrity error.  This is fun.......

[support]

Hi Aaron,

 

Sorry you're having some issues, and hopefully the following information will help:

• Firstly, please don't try and modify any data in the database directly - as you've found, we have a lot of security built around this, and you will cause issues doing this
• During the initial setup, which ever AD Account you specified is the one you need to login with initially. Possibly you misunderstood this, and now you have the initial account in Passwordstate which you cannot authenticate with - which leads us to the next item
• By default, the Emergency Access login cannot change the roles for Security Administrators - this is by design for security reasons. But you should not be experiencing that error when trying to "unlock/change" this feature. So we can see what the actual error is, can you please follow the article, try it again, and then report the error back here - https://www.clickstudios.com.au/community/index.php?/topic/2257-turning-off-custom-errors/
• The Security Adminstrator's manual you linked us to is for version 7 - which is old now. You can find the latest Security Administrator's manual under the Help Menu in Passwordstate. Or you can find all the latest documentation on this page - https://www.clickstudios.com.au/documentation/default.aspx 

Regards

Click Studios