Jump to content

Guide to set up Folder Structure and Permissions for an MSP

Recommended Posts

If you are a Managed Service Provider, please consider the below information which can help you design your Folder and Password List structure, and Permissions.  Every company is different so please adjust this to suit your needs.


What to consider for Permissions:

First thing we’d recommend is using our propagating permission model, which means you set permissions at a top level folder, and those permissions filter down to all nested folders and passwords lists.  More info about this can be seen here:  https://www.youtube.com/watch?v=7aDttATBA38.


Next , consider the three different permission levels you can apply:


1. View permissions allows the users to only view Password Records in a List

2. Modify permissions allows them to view and change the passwords in a list

3. Admin access gives users both of the above but also allows users to change settings on the Password List.  This is can be too much access for some companies, as users with admin access could then go in a change permissions, or other sensitive settings like the password strength policy. 


**Note** A Passwordstate Security Administrator, who has access to the Administration tab, can always administer permissions and settings for folders and Password Lists, even if they do not have access to those items under the Passwords tab.


We recommend using Security Groups to apply permissions throughout the software.  This ensure better performance and makes it easier to manage permissions instead of applying access for individual users.  More information about Security Groups can be seen in this video:  https://www.youtube.com/watch?v=iMeslOfz2Rs



With this in mind, you could create three different security groups, one for each level of access, as per screenshot below:





Setting up Folders and Password Lists:

An example folder structure you could use would be to create one top level folder for each customer, and then nest Password Lists underneath that folder which are similar in nature.  Then apply View, Modify and Admin access as follows - This means people in the View Security group can see all Passwords, for all customers, and Modify can change passwords for all customers etc:



An alternative design you could consider, if you would prefer your permissions to be set up based on Teams, would be to create one security group for each team, such as Help Desk, Desktop Support, Network Support, and apply those permissions to a relevant folder nested beneath the Customer.  For this to work, you should set Manual Permissions on the Top Level Customer Folder for all users to have View Access, and then apply Propagating Permissions for each team below.  Below are a couple of screenshots to help explain this:





Now if I log into Passwordstate as a member of the "Desktop Team", this is what they will see - Notice they only have access to their own folder in each of the Customer folders:



More Hints and Tips to help control your folder structure:

Tip #1:

You could consider locking down the ability to create Folders, or Password Lists in the root of Passwords home.  This way, your users will only have the ability to work within their own folder.  This can be configured under Administration -> Feature Access -> Folder Options and Password List Options:





Tip #2:

You can deny users from creating Folder and Password Lists completely, if you want to delegate this control to the Passwordstate Security Admins.  This can be set under Administration -> Feature Access -> Menu Access:




Tip #3:

One tip to save you a lot of time is to plan building one Folder structure with all Password Lists and Permissions set correctly, and then clone that folder for all other customers.  This video describes how to do this: https://www.youtube.com/watch?v=g7-j90z4Amc




This should help get you started, and if you have any questions about setting up Passwordstate, please don't hesitate to contact Click Studios on support@clickstudios.com.au.









Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...