Private Folders

Users can be granted their own private password vault where individuals can store their own credentials, and where the access could also be hidden from the adminstrators, IT staff, and other users.

These settings can be accessed from:

  • Version 7.9.7+: Advanced -> Private Folders
  • Previously: Users and Roles -> Private Folders

Who can see Private Folders?

  • By default, these folders can be hidden from administrators, when "Automatically Block Inheritance" is set.
  • A user has Full+Grant access.
  • Database access is possible for those who are fully authenticated & authorized on the server machine, although password viewing is encrypted.

Private Folder Settings

  • Automatically Create Private Folders - for Imported Active Directory users: when users are imported manually/automatically, their Private Folder will also be created immediately.
  • Automatically Block Inheritance: any folder created with this option will be inaccessible to administrators.
  • Default Access: by default, users are given Full+Grant on their own private folder, so they can grant access to others if they want to.

Adding a Private Folder Manually

After a new user has been created, you can give them their own folder by:

  • Finding the user's name in the list of Private Folders, and Click Create

Hiding Private Folders From Admins

By default, Personal folders are not hidden from administrators. However, as an advanced feature, admin access can also be blocked by using "Block Inheritance" on the Private Folder.

Option A: Keep Blocked Access Locked

The setting "Automatically Block Inheritance" can be turned on from the start. Each subsequent Private Folder will be hidden.

Option B: Allow Restoration of Access

If you wish it to be reversible, but still don't want to allow admins regular day-to-day access, this must currently be setup manually for the individual user folder.

Follow these steps per individual:

  1. Uncheck the option "Automatically Block Inheritance"

  2. Create a new access Level:

    • In the web client navigate to: Access Levels tab.
    • Click Add New Access Level to create a custom access level with a name like Restore Inheritance.
    • Select only the Set Block Inheritance box and click Save.

  3. Assign the new access Level permission:

    • From Web client Home -> Select the Private Folders folder -> Folder Actions -> User Access -> Add Access for User
    • And give someone trustworthy (such as yourself) the Restore Inheritance access level
      • In the Request-Approve workflow, it's possible to assign this access to a "Dual Control" role
    • If Private Folders doesn't exist, you may need to create a folder for someone first from Users & Roles -> Private Folders.

  4. Block Access Inheritance:

    • Navigate to: User Access -> Click Block Access Inheritance,
    • Read the warning, and proceed (if you so choose). 
    • You should now see an icon next to the folder indicating that inheritance is blocked and you shouldn't be able to view inside the folder.

Tag page
You must login to post a comment.