What are predefined rights?
can naturally be carried out separately for every record. Although this method enables you to very closely control every intended permission structure, it is not really efficient. On the one hand, there is too much configuration work involved, while on the other hand, there is a danger that people who should also receive permissions to access data are forgotten. In addition, there is the fact that many users should not even have the right to set permissions. “Predefining rights” is a suitable method to simplify the issuing of permissions and reduce error rates by using automated processes. This page covers the configuration of predefined rights, please also refer to the sections and their .
Organisational structures as a basis
can be very useful in many areas in Password Safe. In this example, they provide the basic framework for the automated granting of rights. In the broadest sense, these organisational structures should always be entered in accordance with existing departments in a company. The following example specifically focuses on an IT department. The following 3 hierarchies () have been defined within this IT department:
- IT employee
- IT manager
In general, a more senior, managerial employee is granted more extensive rights than those granted to a trainee. This hierarchy and the associated permission structures can be predefined. In the module, we now select those OUs (departments) for which rights should be predefined and select *predefine rights” in the ribbon.
- Creating the first template group: A modal window will appear after clicking on the icon for adding a new template group (green arrow) in which a meaningful name for the template group should be entered.
Roles and users can now be added to this template both via the ribbon and also via the context menu (right mouse click). This was already completed in the next step. The role IT employee only has read rights, the IT manager also has write rights and the capability of managing permissions. Administrators possess all available rights. Configuration of the rights structures is explained in the .
Adding other template groups
It is also possible to configure several different rights templates within one department. This may be necessary e.g. if there are several areas of competency within one department which should each receive different permissions. Alongside the IT general area, the template groups Exchange and Firewall have also been defined below.
A default template group can be defined directly next to the drop-down menu for selecting the template group (green arrow). This is always preconfigured when you select “IT” as the OU to save records.