You are now logged in at Password Safe and have an empty database. Via the menu "edit" -> "user and group management" you open the management console for the user accounts. This menu item is available if you have also started a multiuser database and have accordant privileges for managing users and groups.

 

mu_user_and_groups

 

mu_ug_console

 

In the left array you can select the user or groups and in the right array you can edit them. Use the right mouse button, like usual under Windows, to edit or reset entries.

 

Icons in the toolbar

 

btnFind Opens the search bar. The search bar works the same way in all arrays.

 

btnUser1_add Adds a new user (or with groups a new group)

 

btnUser1_edit Edits the user selected in the list

 

btnUser1_lock Locks or unlocks the selected users from the list

 

btnUser1_delete Deletes the selected user from the list

 

btnAppSearchApplication Changes the list outlook (big symbols, small symbols, list outlook, detail list and card outlook)

 

AD_Import_Icon Active Directory Import (You can find further information in the chapter "Active Directory Connection")

 

Setup of groups and user accounts

There are several possibilities to set up users and groups. Either you set up your users and the group structure manually or you import them from the Active Directory, or a group and user structure from an optional Windows server. More information on the topic Active Directory you can find in the chapter "Active Directory connection". Following we go into the manual setup of users and groups.

 

At the manual setup of users and groups you should first of all think about the basic structure of your company. It makes sense and is also easier to administrate later on, if you arrange your users to a group first.

 

Example for the simple group structure:

 

Administrators (this group is always available and can not be deleted)
- Administrator

Company management
- Hans Muster (managing director)

Purchase
- Meike Kauflust
- Irene Kruste
- Max Mann

Sales
- Alexander Hauser
- Thomas Rieder
- Martina Sedelmaier

 

It is up to you in which order you set up groups and users. You can link groups and users with each other in both directions. In the example we initially set the groups. Click  in the management of privileges in the left column on "groups". Afterwards you can add groups on the right side via the toolbar or the context menu.

 

mu_new_group

 

Afterwards enter the name of the group and a description.

 

mu_edit_new_group

 

On the tab "members" members can be directly added to this group. Since we set up the groups first we assign the group later directly to the accordant user.

 

If all groups are set up the users have to be added now.

 

mu_ug_menu

 

Now set up all users and define basic privileges. According to your management and group structure you can  also set up the group before..

 

mu_edit_new_user_common

 

Enter the user name and all other required data in the tab "general". Hereby the use name is the login name and the displayed name in the whole system. With new uses it makes sense to set an initial password and the check mark "user has to change the password at the next login". So the user has to enter a new, safe password at the first login.

 

General settings to the user account

User has to change password at the next login

If you activate this option at the next login the user will be required to create a new safe password according to the database password guidelines you have defined. If the user does not create a new password the login will be aborted.

 

User can not change key word

If you activate this option the user can not change his/her password. The login password can normally be changed in the main window, in the menu "file" -> "my profile" -> "change my password".

 

User password never expires

If you activate this option the user is never requested to change his/her password after a certain period of time.

 

Account is deactivated/locked

If you activate this option the user can not login at the database. This will also be displayed visually in the login window and the search list.

 

 

Membership in a group

On the tab "membership" you can assign the user to the groups set up before.

 

mu_edit_new_user_members

 

Click on "add" to assign the user to one or more groups. You can also highlight several groups and allocate them per multiple selection.

 

Define general basic privileges of the user

On the tab "privileges" you can define basic privileges of the user. These privileges are data comprehensive and are therefore set up directly at the user.

 

mu_edit_new_user_right

 

User can change database settings
Herewith you can permit or allow that the user can make setups on the database. The database settings affect all users.

User can administrate users and groups (privileges)
Herewith you can permit or allow that the user can call up the privilege management and change user accounts.

User can change main password
Herewith you can permit or allow that the user can change the main password of the database.

User can change PUK
Herewith you can permit or allow that the user can change the PUK of the database account.

User can export data backup
Herewith you can permit or allow that the user can export data.

Use can import data backup
Herewith you can permit or allow that the user can import data.

User can administrate logbook
Herewith you can permit or allow that the user can administrate the logbook.

User can copy database
Herewith you can permit or allow that the user can copy the database via the menu item "copy database" to a data carrier or USB stick.

User can change database password guidelines
Herewith you can permit or allow that the user can change password guidelines of the database.

User can change sealing messages
Herewith you can permit or allow that the user can change the message options for seals.

User can administrate auto backup
Herewith you can permit or allow that the user can change the auto backup functions.

User can administrate applications
Herewith you can permit or allow that the user can administrate applications.

User can administrate forms
Herewith you can permit or allow that the user can administrate forms.

User can administrate label
Herewith you can permit or allow that the user can administrate labels.

User can set up USB stick
Herewith you can permit or allow that the user can set up a USB stick via the menu "configure USB stick".

User can set up auto login
Herewith you can permit or allow that the user can set up the auto login for the automatic login to Password Safe.

User can start a remote desktop access
Herewith you can permit or allow that the user can use the remote desktop access out of Password Safe.

User can administrate active user list
Herewith you can permit or allow that the user can administrate the active user list.

User can export records to the list (XML data exchange)
Herewith users can export records from the list (XML file).

User can import records to the list (XML data exchange)
Herewith users can import records to the list (XML file).

 

 

 

Change privileges for several users:

Privileges can also be used for several users. Highlight the relevant users in the "user and group management" dialogue. Choose in the context menu "click with the right mouse button on the marked user" the option "change user rights". Afterwards the privilege dialogue opens in which the privileges can be selected. As an equivalent this also applies in the groups. So you can for example give certain privileges to all members of a group.

 

mu_changeuserrights

 

Active Directory

On the tab "Active Directory" you can allow the authentication via Active Directory (AD). So the user can log on Password Safe with his/her password from the AD. If additionally the "automatic login" is being activated the logon at the database is made directly by means of the AD user. Therefore a password entry is no longer necessary. This option should only be activated in trustworthy surroundings. Furthermore you can define if the login is only possible if the Windows login name conforms to the user name in Password Safe. For example a user change is only possible if the user logs on at Windows accordingly as another user.

 

mu_edit_ad_user

 

Delete Active Directory Identification:

The link-up of the user with the Active Directory User can be deleted by means of the button "delete Active Directory Identification". Afterwards the user acts as a normal Password Safe user. When importing again the allocation can be recreated (with the help of the user name). You can get more information under Active Directory - settings.

 

Restrictive user

Restrictive users are restricted users who are only allowed to administrate the "rights and unlockings". Here you can find out more about the general information/proceeding on the restrictive user.

 

Notice:

The restrictive user can not administrate himself/herself. Optionally he/she even can be administrated only by certain users/groups.

The restrictive user can only access data which he/she can also access according to "rights and unlockings". We recommend to add the user to the group "administrators", so he/she has the necessary access rights to manage the unlockings. Alternatively you can also authorize the user manually for folders and records.

 

mu_edit_restrictive_user

 

Restrictive user (no access to protected data)

If this option is activated the user is a "restrictive user". This option can be activated and deactivated.

 

User can create a new users

When activating this option the user can start new users and can also access the Active Directory gateway (Active Directory is only available in the Enterprise Edition).

 

User can edit an existing user

Hereby existing users can be edited, for example the group memberships.

 

User can reset user passwords

This option entitles the restrictive user to reset user passwords.

 

User can reset admin user passwords

If this option is activated the user can change administrator passwords.

 

User can edit user rights

When activating this option the restrictive user can manage and edit the rights of other users.

 

Only certain users/groups can manage this user

This option decides who is allowed to manage the restrictive user. This can be single users or groups.

 

Miscellaneous

On the tab "miscellaneous" you can find information when the user has been created or changed and who did it. Furthermore you can see when the user has logged on the last time and from which IP address the login has been carried out.

 

Set password

So that a user can log on you have to assign an initial password to the user. This is possible via the context menu in the user list. Select one or several users and choose "set password" in the context menu. Then enter a safe password in the password assistant and follow the instructions of the assistant.