Jump to content

Restrict Access to Sites and Hosts based on role

Biza N

Recommended Posts

Synopsis of Feature Request:

Provide a restriction method either via user and/or group that allows assigning more granular permissions to users. Allowing restriction similar to client access where a user can only see one site, but extend that functionality to licensed users so you could have teams or users responsible for certain hosts, or client sites (MSP remote-site Locations) while still allowing them access to write, update and all other functions. 


Current Behavior:

  • All licensed users can view all hosts
  • When creating passwords and in various areas in the site, drop downs or selections allow users to select any site (internal, client 1, client 2) from menus
  • Internal is the default for all licensed users and can not be removed


Requested Behavior:

  • Restrict users access to one or more sites
  • User permissions can be set like currently, read, write, discover hosts, but all functions restricted only to site(s) they have access to. (internal, client 1, client 2, etc)
  • Can only view or connect to hosts at sites they have permission for.
  • No evidence or ability to view, see or access any other sites. - Won't be even able to see Client 2 as a drop down if they don't have permission for that site.
  • Set different site as default, removing permission from internal and assigning to say Client 1 and Client 2, but not Client 3 or Internal. - Use case, help desk or third-party NOC you don't want in internal systems


Benefit of Implementing Feature Request:

MSPs or others managing passwords for clients or multiple offices would purchase additional licenses so that "end-users" or "client-admins" could add and edit records, providing additional revenue for passwordstate.   While the free client licenses are an added benefit, there would be the ability to upgrade a client to a full user just for their site(s).  This would reduce the time of the MSP updating records by allowing their clients to directly access, save or edit passwords. It would also allow them to provide Remote Session Launcher to end users reducing the cost of providing a third-party remote connection tool for clients to access their workstations / pc's remotely.





Link to comment
Share on other sites

  • 2 weeks later...

Hi Biza N,


Today we've released Build 8679 which includes a new button to remove the ability to view all hosts in the system.  Below is a screenshot of where this can be found, and in conjunction with locking down permissions on Host folders, we hope this will help with this request.  We'd recommend using the option to not allow certain users from being able to Add/Edit or Delete Folders under the Hosts tab, as well as the new button which removes the View All Hosts option on Hosts Home page.





We hope this helps!


Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...