Jump to content

Restrict Access to Hosts based on role


Daniele

Recommended Posts

Hi everyone,

 

I've already read this post:

 and I've updated my Passwordstate to the latest build (v.8679).

I've applied the restriction as shown in the image below:

2019-04-26_11-15-30.thumb.png.71372a514ac6cd7b2d2547c1b2d840f3.png.40c988b9891378ef31794ffed22fdf7e.png

 

and actually, now, users not included in the "Hosts Home Button Permissions" have no access to the button "View All Hosts Records" in the hosts statistics.

 

But, unfortunately they are still able to see all the hosts searching them in the search bar typing part of their name. Example: a user with no access to any hosts' folder can still search the string "." (dot) in the hosts tab and the browser will create a "Temporary Folder Access" with all the hosts whose name field has a dot inside.

 

User with no host's folder access and without "Hosts Home Button Permissions":

01.thumb.jpg.4b1e06ebb118391d18b72789dab65365.jpg

 

Once he search "." in the search bar he sees this:

02.jpg.f53454d2e58696a316eb1673ff0d0479.jpg

 

And if he clicks on a host shown in the "Temporary Folder Access" he can actually see all the host's details:

03.thumb.jpg.41c87bb5718885fa100203bfd537120d.jpg

 

Is there a way to avoid this kind of information disclosure for certain users/groups? Am I missing something in the correct implementation?

 

I really appreciate how Passwordstate manages policies on the passwords side, but it's very important for an organization with contractors/freelances not to give them unwanted information about hosts.

 

Thank you.

Link to comment
Share on other sites

Hi Daniele,

 

Sorry about this, and the reason this is possible is because we're trying to change the software for you to meet your requirements, and it's not really designed to do exactly what you want. We do not have the concept of permissions on Host records, but possibly the following option will help.

 

With the feature below, if you remove permissions to this feature, then that 'Temporary Folder Access' folder will no longer be shown. This means you must use 'Remote Session Credentials' for user's to login to Hosts, and you will not be able to use any local login accounts from within the Passwords tab.

 

Does this help at all?

hostpermissions.png

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...