Limited Admin Access

Version as of 12:09, 25 Jun 2019

to this version.

Return to Version archive.

View current version

Setting up additional account(s) with administrative permissions can reduce the access your Admin user manages day-to-day, and may minimize the number of visible folder/password entries.

Below are example scenarios.

Limited Folder Access

Example steps:

  1. Roles: Setup another Administrative Role
  2. Set the Permissions: include the ability to Administer Users with this role
  3. Assign this Role to other user(s), who will function with limited admin access
  4. Selectively assign this Role to the Folders / Entries you wish them to view/manage.

 

Add or remove any additional access as needed for the role.

No User Admin Access

Perhaps an administrative user will not need ability to manage users, but still would have other adminstrative access such as Auditing/Reporting/Managing folders/entries, etc.

Example steps:

  1. Roles: Setup another Administrative Role
  2. Set the Permissions: do not include the ability to Administer Users with this role
  3. Assign this Role to user accounts, who will function with limited admin access
  4. Selectively assign this Role at the Root folder, or to the Folders / Entries you wish them to manage.

 

Add or remove any additional access as needed for the role.

No Password Access

Sometimes provisioning teams/roles do not need to know the passwords, but it is helpful to have them administrate nevertheless. A provisioning team members could add and remove access to credentials without having access to the password.

Example steps:

  1. Log in as admin.
  2. Roles: Create a new Role, "Provisioning Team"
  3. Access Levels: Create a "Provisioning Team" Access Level with the same set up as Full+Grant+Block but set "View Entry Password" to false. Optionally, set "Modify Entries" to false (modify passwords).
  4. Home: Root > Folder Actions >Security > Add Access for Role > Role- Provisioning Team, Access Level- Provisioning Team
  5. User: Create a new user and assign them the Provisioning Team role.


Add or remove any additional access as needed for the role.