Posts: 33
Threads: 10
Joined: Apr 2017
Reputation:
0
Hi
One of our security restrictions is that no password is stored anywhere. We can store userids though. I suppose it's the option "Always prompt for password", but I can't find the way to enforce it.
I can only give Full Control to Private Objects in the Credentials tree, is there a way to finetune this?
Thanks in advance
Posts: 11,101
Threads: 100
Joined: Aug 2006
Reputation:
201
No currently not - but we can add a security option for that asap :-)
Regards/Gruss
Oliver
Posts: 33
Threads: 10
Joined: Apr 2017
Reputation:
0
Hi Oliver
Yes please! :D
Thanks!
Shaw
Posts: 11,101
Threads: 100
Joined: Aug 2006
Reputation:
201
One question for the feature request - we are discussing two different scenarios how to implement - and I want to know how you think about it :-)
1) It will be a global setting in Settings=>Permissions => Enforce using of "Always prompt for password" in credential objects
=> This means that all users including the users who are assigned to the Administrators group will not be able to set any password!
2) It will be a global security assignment with the same text
=> This means that all users who are assigned to a security group where this setting has been activated will not be able to set any passwords - but the users in Administrators group will be - because the Administrators have currently all permissions and we can't know if this option is used or not (Global security assignments of Administrators group can't be edited)
So we would prefer Option 1 - can you confirm that this is the way you expect the feature?!?
Thanks
Regards/Gruss
Oliver
Posts: 33
Threads: 10
Joined: Apr 2017
Reputation:
0
Hi Oliver
Option 2 would be neat, our Security Officers would very much prefer option 1 though... All or nothing. So, for me, option 1 is perfect.
Regards
Shaw
Posts: 33
Threads: 10
Joined: Apr 2017
Reputation:
0
Hi Oliver
The option works like a charm! Thank you very much!
Unfortunately it ignores previously entered credentials, so if they already exist, the system leaves them be.
Is there a way to empty the credentials folder for all configured teams? Through a sql script maybe?
Thanks in advance
Shaw
Posts: 11,101
Threads: 100
Joined: Aug 2006
Reputation:
201
We discussed this internally - maybe we had ask you before the Patch :-)
SQL scripting is not possible - MultiEdit would be possible but must be done by every user for the private credentials...
Would you like also to ignore any existing creds if the option is activated? Would be no big effort to implement
Regards/Gruss
Oliver
Posts: 33
Threads: 10
Joined: Apr 2017
Reputation:
0
Hi Oliver
If by ignore you mean enforce prompt for password for existing credentials as well, then yes, please.
Regards
Shaw
Posts: 33
Threads: 10
Joined: Apr 2017
Reputation:
0
Hi Oliver
Will this be a small fix? Or are you planning a minor update?
Kind regards
Shaw
Posts: 11,101
Threads: 100
Joined: Aug 2006
Reputation:
201
Could be implemented in a private fix :-) I will inform you
Regards/Gruss
Oliver
Posts: 33
Threads: 10
Joined: Apr 2017
Reputation:
0
Hi Oliver
It works perfectly, thank you very much!!
Regards
Shaw