You are now logged in at Password Safe and have an empty database. Via the menu "edit" -> "user and group management" you open the management console for the user accounts. This menu item is available if you have also started a multiuser database and have accordant privileges for managing users and groups.
In the left array you can select the user or groups and in the right array you can edit them. Use the right mouse button, like usual under Windows, to edit or reset entries.
Icons in the toolbar
Opens the search bar. The search bar works the same way in all arrays.
Adds a new user (or with groups a new group)
Edits the user selected in the list
Locks or unlocks the selected users from the list
Deletes the selected user from the list
Changes the list outlook (big symbols, small symbols, list outlook, detail list and card outlook)
Active Directory Import (You can find further information in the chapter "Active Directory Connection")
There are several possibilities to set up users and groups. Either you set up your users and the group structure manually or you import them from the Active Directory, or a group and user structure from an optional Windows server. More information on the topic Active Directory you can find in the chapter "Active Directory connection". Following we go into the manual setup of users and groups.
At the manual setup of users and groups you should first of all think about the basic structure of your company. It makes sense and is also easier to administrate later on, if you arrange your users to a group first.
Example for the simple group structure:
•Administrators (this group is always available and can not be deleted)
- Administrator
•Company management
- Hans Muster (managing director)
•Purchase
- Meike Kauflust
- Irene Kruste
- Max Mann
•Sales
- Alexander Hauser
- Thomas Rieder
- Martina Sedelmaier
It is up to you in which order you set up groups and users. You can link groups and users with each other in both directions. In the example we initially set the groups. Click in the management of privileges in the left column on "groups". Afterwards you can add groups on the right side via the toolbar or the context menu.
Afterwards enter the name of the group and a description.
On the tab "members" members can be directly added to this group. Since we set up the groups first we assign the group later directly to the accordant user.
If all groups are set up the users have to be added now.
Now set up all users and define basic privileges. According to your management and group structure you can also set up the group before..
Enter the user name and all other required data in the tab "general". Hereby the use name is the login name and the displayed name in the whole system. With new uses it makes sense to set an initial password and the check mark "user has to change the password at the next login". So the user has to enter a new, safe password at the first login.
User has to change password at the next login
If you activate this option at the next login the user will be required to create a new safe password according to the database password guidelines you have defined. If the user does not create a new password the login will be aborted.
User can not change key word
If you activate this option the user can not change his/her password. The login password can normally be changed in the main window, in the menu "file" -> "my profile" -> "change my password".
User password never expires
If you activate this option the user is never requested to change his/her password after a certain period of time.
Account is deactivated/locked
If you activate this option the user can not login at the database. This will also be displayed visually in the login window and the search list.
Click on "add" to assign the user to one or more groups. You can also highlight several groups and allocate them per multiple selection.
On the tab "privileges" you can define basic privileges of the user. These privileges are data comprehensive and are therefore set up directly at the user.
•User can change database settings
Herewith you can permit or allow that the user can make setups on the database. The database settings affect all users.
•User can administrate users and groups (privileges)
Herewith you can permit or allow that the user can call up the privilege management and change user accounts.
•User can change main password
Herewith you can permit or allow that the user can change the main password of the database.
•User can change PUK
Herewith you can permit or allow that the user can change the PUK of the database account.
•User can export data backup
Herewith you can permit or allow that the user can export data.
•Use can import data backup
Herewith you can permit or allow that the user can import data.
•User can administrate logbook
Herewith you can permit or allow that the user can administrate the logbook.
•User can copy database
Herewith you can permit or allow that the user can copy the database via the menu item "copy database" to a data carrier or USB stick.
•User can change database password guidelines
Herewith you can permit or allow that the user can change password guidelines of the database.
•User can change sealing messages
Herewith you can permit or allow that the user can change the message options for seals.
•User can administrate auto backup
Herewith you can permit or allow that the user can change the auto backup functions.
•User can administrate applications
Herewith you can permit or allow that the user can administrate applications.
•User can administrate forms
Herewith you can permit or allow that the user can administrate forms.
•User can administrate label
Herewith you can permit or allow that the user can administrate labels.
•User can set up USB stick
Herewith you can permit or allow that the user can set up a USB stick via the menu "configure USB stick".
•User can set up auto login
Herewith you can permit or allow that the user can set up the auto login for the automatic login to Password Safe.
•User can start a remote desktop access
Herewith you can permit or allow that the user can use the remote desktop access out of Password Safe.
•User can administrate active user list
Herewith you can permit or allow that the user can administrate the active user list.
•User can export records to the list (XML data exchange)
Herewith users can export records from the list (XML file).
•User can import records to the list (XML data exchange)
Herewith users can import records to the list (XML file).
Change privileges for several users:
Privileges can also be used for several users. Highlight the relevant users in the "user and group management" dialogue. Choose in the context menu "click with the right mouse button on the marked user" the option "change user rights". Afterwards the privilege dialogue opens in which the privileges can be selected. As an equivalent this also applies in the groups. So you can for example give certain privileges to all members of a group.
On the tab "Active Directory" you can allow the authentication via Active Directory (AD). So the user can log on Password Safe with his/her password from the AD. If additionally the "automatic login" is being activated the logon at the database is made directly by means of the AD user. Therefore a password entry is no longer necessary. This option should only be activated in trustworthy surroundings. Furthermore you can define if the login is only possible if the Windows login name conforms to the user name in Password Safe. For example a user change is only possible if the user logs on at Windows accordingly as another user.
Delete Active Directory Identification:
The link-up of the user with the Active Directory User can be deleted by means of the button "delete Active Directory Identification". Afterwards the user acts as a normal Password Safe user. When importing again the allocation can be recreated (with the help of the user name). You can get more information under Active Directory - settings.
Restrictive users are restricted users who are only allowed to administrate the "rights and unlockings". Here you can find out more about the general information/proceeding on the restrictive user.
Notice:
The restrictive user can not administrate himself/herself. Optionally he/she even can be administrated only by certain users/groups.
The restrictive user can only access data which he/she can also access according to "rights and unlockings". We recommend to add the user to the group "administrators", so he/she has the necessary access rights to manage the unlockings. Alternatively you can also authorize the user manually for folders and records.
Restrictive user (no access to protected data)
If this option is activated the user is a "restrictive user". This option can be activated and deactivated.
User can create a new users
When activating this option the user can start new users and can also access the Active Directory gateway (Active Directory is only available in the Enterprise Edition).
User can edit an existing user
Hereby existing users can be edited, for example the group memberships.
User can reset user passwords
This option entitles the restrictive user to reset user passwords.
User can reset admin user passwords
If this option is activated the user can change administrator passwords.
User can edit user rights
When activating this option the restrictive user can manage and edit the rights of other users.
Only certain users/groups can manage this user
This option decides who is allowed to manage the restrictive user. This can be single users or groups.
On the tab "miscellaneous" you can find information when the user has been created or changed and who did it. Furthermore you can see when the user has logged on the last time and from which IP address the login has been carried out.
So that a user can log on you have to assign an initial password to the user. This is possible via the context menu in the user list. Select one or several users and choose "set password" in the context menu. Then enter a safe password in the password assistant and follow the instructions of the assistant.