How are users managed in Password Safe?
The way in which users are managed is highly dependent on whether Active Directory is connected or not. In , Active Directory remains the leading system. Accordingly, users are then managed on AD. If Password Safe is the leading system e.g. in , users are managed in the organisational structures module. More details are provided in the relevant sections.
Adding local users
- Allocated roles: New users can be directly allocated one or more roles when they are created
- Change password on next login: The user will be prompted to change their user password on the next login (obligatory)
- Account is deactivated: The user is created with the status “deactivated”. The account is thus not useable. The write rights for a user can be set/removed with this option. In editing mode, the account can also be deactivated during ongoing operation.
- Restricted user: Controlling entities exist in many companies that are only tasked with checking the integrity and hierarchies of various pieces of information with one another but are not required to productively work with the information themselves. This could be a data protection officer or also an administrator in some cases. This would be the case if an administrator was responsible for issuing permissions to other people but should not be able to view the data themselves. The property restricted user is used to limit the visibility of the password field. It thus deals with purely administrative users or controlling entities.
The second tab of the wizard allows you to define the permissions for the newly created user. If an allocated organisational unit or a rights template group was defined in the first tab, the new user will inherit its permissions. Here, these permissions can be adapted if desired.
Configuring user rights
Users always receive their user rights via a role, which is either user-specific or global (see ). If no role is defined in the first tab “Create user”, the third tab will thus contain globally defined user rights.