Mcsirl Posted December 17, 2019 Share Posted December 17, 2019 Hi Guys, We have a user in our company who is responsible for all Audit tasks. Previously the external auditors would come to me and we would sit down and print-screen which users had access to the specific passwords they requested. Also they would ask me to print screen the history of the password so they could see when changes were made to the password. Is there a way for me to give this access to the above new Audit person without giving him access to any of the passwords ? I cant find a way to do this so any help would be greatly appreciated. Basically the audit user need access to view password/list permissions and also password history. Thanks Alan Link to comment Share on other sites More sharing options...
support Posted December 17, 2019 Share Posted December 17, 2019 Hi Alan, There are a couple of Security Administrator roles that you could assign to assist with this i.e. to give them access to the Auditing screen in the Administration area, and maybe the Reporting screen. Each of the Nodes in the Navigation Tree in the Administration area are separate roles for Security Administrators. The one which is not possible is Password History - you must have access to the Password List in order to view the history of changes to records. There is auditing data for 'Password Updated', but that does not necessarily mean the value of the password has been updated - it could be other fields as well. Regards Click Studios Link to comment Share on other sites More sharing options...
Mcsirl Posted December 18, 2019 Author Share Posted December 18, 2019 Thanks for the quick reply, Ive assigned the user Reporting, Auditing and Auditing Graphs in Security Administrator Roles. But they still are unable to view the password list permissions ? Can you talk me through how to allow this for the audit user pls ? Thanks Alan Link to comment Share on other sites More sharing options...
support Posted December 18, 2019 Share Posted December 18, 2019 Hi Alan, If you've assigned them the Reporting role, then they can run the reports regarding permissions on the screen Administration -> Reporting. Can you confirm if they have access to this? Regards Click Studios Link to comment Share on other sites More sharing options...
Mcsirl Posted December 19, 2019 Author Share Posted December 19, 2019 Hi, Yes i can confirm they have this access, but theres no way to run a report on an individual password or password list. The only options i have are : 1. What permissions exist (all users and security groups)? 2. What permissions exist for a user? 3. What Permissions exist for a Security Group? 4. What permissions exist for all shared password records (enumerated permissions report)? What im looking for is that the audit user can click on a password list (but not the individual entries in it) so as to see the password list permissions like the screenshot attached..... Link to comment Share on other sites More sharing options...
support Posted December 19, 2019 Share Posted December 19, 2019 Hello Mcsirl, That's correct - the Reporting And Password Lists screens in the Administration area is for all Shared Password Lists, but they could just filter out the results in the export. If you don't want them doing this, then unfortunately your only options are to either continue with the process you have, or give them access to the individual Password Lists. Regards Click Studios Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now