Customizing Roles For Your Company – Part One

10 05 2013

Secret Server uses Roles and Permissions to control access to various capabilities within the system.

In this two part blog post we will review how to set up customized roles and permissions to meet your company’s security policy.

Roles in Secret Server control what a user is allowed to do in the tool. Secret Server ships with three default Roles:
1. Administrator, which has the ability to perform any task.
2. User, which allows basic functions such as create, edit and viewing of Secrets.
3. Read Only User, which only allows a user to view Secrets and Audit Reports without edit capabilities.
Although Secret Server can be used right out of the box with these default Roles, each company should personalize the Roles to fit individual company needs.

Role

The default Roles can be edited and new Roles can also be created. For example, administration tasks can be delegated to different Administrators without giving them full control of the system (for example: Backup Administrator, Secret Template Administrator, Role Administrator and so on). An Auditor Role can also be created to give a user limited access to the system – such as to view Reports and to check compliance settings without having access to sensitive information. For more information on Roles, see our Secret Server Best Practices Guide (requires valid support).

Auditor Role

In the next part of this post we will go over how to set up permissions to control access to Secrets and Folders.


Comments : Leave a Comment »
Tags: , , ,
Categories : Uncategorized

Inheriting Permissions Based on Folders

29 07 2011

Inheriting Permissions based on Folders

It is possible for Secrets in Secret Server to inherit permissions from the folder where they are placed. For example, if you install a new managed switch in your network, instead of setting an Active Directory group or users for every network-based Secret, you set the Active Directory group or individual user accounts to the folder. That way, when an admin enters a new Secret into Secret Server they don’t have to worry about selecting all the people that need access. Instead, they can place it into the correct folder that already has the correct permission level. Not only does it save time, but it also ensures that everyone who needs access to a Secret has it.

Adding Permissions to a folder
First, move your mouse to the Administration tab, then select Folders.

Then select the folder you want to edit permissions on, select edit

From here you can add Active Directory groups and individual Secret Server users. They will have access to any Secret that inherits permissions with the level you select.

Having a Secret Inherit Permissions From a Folder

Click to expand the Secret, and then select view.

Now, select share.

From here, select edit.

Finally, check the “Inherit Permissions from folder” box.

That’s it! Now any user in the Active Directory group or one you manually added to the folder permissions will have access. You can also turn on this behavior by default with the “Default Secrets Inherit Permissions” setting on the configuration page. It is important to note that a user with folder-based permissions will have that level of access to any Secret in the folder .


Comments : Leave a Comment »
Tags: , , , , ,
Categories : Secret Server, Security, Tips & Tricks


Follow

Get every new post delivered to your Inbox.