Mark Gable Posted March 20, 2019 Posted March 20, 2019 You seem to be a permission level away from a great product. Why not a permission level to allow users to view RECORDS, below the ability to view PASSWORDS? In our environment, we have many people involved in every application and want them to know that accounts exist so they are not creating new ones for the project they are working on, but not necessarily have direct access to a password. In some cases, a network (or other administrator) will enter a username and password for a user in a setup, but the user would need to know that the account exists in the first place. We also want users to be able to see that someone already recorded an account and password. Searching for accounts is not ideal because you don't know what another administrator may have named their accounts. If you don't have access to any passwords in a Password List, at least you get the Request Access button but, once you have access to one password in the list, it is not very intuitive to click on Passwords / Request Access to Passwords. Users will think an account doesn't exist, NOT that they don't have access to it. Then, even if they do remember to check this, there is no differentiator between the records you have access to and the ones you don't, requiring the user to take a screenshot of the records they do have access to know which ones they need to request access to. Instead of a Copy or Hidden icon in the Password column, show a Restricted icon and add Request Access in the record drop-down. You could essentially implement such a level without impacting existing setups, as no one would have this permission to begin with.
Sarge Posted March 20, 2019 Posted March 20, 2019 11 hours ago, Mark Gable said: it is not very intuitive to click on Passwords / Request Access to Passwords I'll agree with this aspect, the request access to passwords/password lists is not very intuitive and a lot of our users don't know the option exists until its pointed out. The rest of your post I may not be fully understanding, but sounds to me like the structure of your password lists/folders may need reviewing to achieve what you want.
Mark Gable Posted March 21, 2019 Author Posted March 21, 2019 The primary issue is that, if I set a Password List to "Hide Passwords from Non-Admin users", I cannot give a user access to one record to see the password because "you cannot apply Administrator permissions to an individual Password record". In addition, the user cannot request access to see the password, so they would need to know to look at the Password List permissions, IF they are allowed, to see who an administrator is to call or email for access to a password. THEN an administrator would either need to just tell the user the password or move the record to a different list so they can see it. If there was a View Records (only) permission, then you could give users access to see all the records, then apply view or edit (record/password) permissions to individual records. Ideally there should be... View Records Edit Records View Records & Passwords Edit Records & Passwords ...for activities such as assigning a user to update notes and custom or other fields when necessary without having access to passwords.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now