What are predefined rights?

Setting permissions for records can naturally be carried out separately for every record. Although this method enables you to very closely control every intended permission structure, it is not really efficient. On the one hand, there is too much configuration work involved, while on the other hand, there is a danger that people who should also receive permissions to access data are forgotten. In addition, there is the fact that many users should not even have the right to set permissions. “Predefining rights” is a suitable method to simplify the issuing of permissions and reduce error rates by using automated processes. This page covers the configuration of predefined rights, please also refer to the sections Working with predefined rights and their Scope of validity.

Organisational structures as a basis

Organisational structures can be very useful in many areas in Password Safe. In this example, they provide the basic framework for the automated granting of rights. In the broadest sense, these organisational structures should always be entered in accordance with existing departments in a company. The following example specifically focuses on an IT department. The following 3 hierarchies (roles) have been defined within this IT department:

  • IT employee
  • IT manager
  • Administrator

Predefining rights

In general, a more senior, managerial employee is granted more extensive rights than those granted to a trainee. This hierarchy and the associated permission structures can be predefined. In the organisational structure module, we now select those OUs (departments) for which rights should be predefined and select *predefine rights” in the ribbon.

  • Creating the first template group: A modal window will appear after clicking on the icon for adding a new template group (green arrow) in which a meaningful name for the template group should be entered.

Roles and users can now be added to this template both via the ribbon and also via the context menu (right mouse click). This was already completed in the next step. The role IT employee only has read rights, the IT manager also has write rights and the capability of managing permissions. Administrators possess all available rights. Configuration of the rights structures is explained in the appropriate section.

Adding other template groups

It is also possible to configure several different rights templates within one department. This may be necessary e.g. if there are several areas of competency within one department which should each receive different permissions. Alongside the IT general area, the template groups Exchange and Firewall have also been defined below.

A default template group can be defined directly next to the drop-down menu for selecting the template group (green arrow). This is always preconfigured when you select “IT” as the OU to save records.

Issuing tags for predefining rights

In the same way that permissions are defined within rights templates, it is also possible to automatically set tags. Their configuration is carried out in the same way as issuing tags for records.

This process ensures that a special tag is automatically issued when using a certain template group. Example cases can be found in the relevant section.

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.