There are two sets of authorisations in the Secrets area. The first relates to work with folders and the second relates to work with specific Secrets. Permissions can be defined for both a user and a group of users.


Permissions for Secrets can be set specifically on the Secrets themselves, but also on the folder in which the secrets are stored, with permissions on secrets being inherited from that folder.



Example:

A user can share a specific Secret from their personal folder:

It is not possible to adjust permissions on personal folders, but the owner can adjust the permissions on a Secret to grant access to another user:

    1. open the detail of the Secret
    2. go to the Sharing permissions tab and press the [+] button
    3. select the user who is going to have access to the Secret
    4. select the level of permissions for the user (see below): USE to allow using the password within the Connections, VIEW_PASSWORD to allow viewing the hidden password, or just READ to display the non-sensitive data stored in the Secret (everything except the password)
    5. save the permissions

The user now sees this Secret in the Shared with me tab of the Secrets area. They cannot reach the Secret from the Folders tree, because they do not have access to the folder, but they can open it via the Shared with me tab. The same process grants access to the members of any group: just select a group instead of a user.



For related privileges, see the Privileges and Permissions chapter.


Available Permissions that can be defined for the Secrets in the ANT PAM:

READ

Can display the detail of the Secret

WRITE

Can edit the Secret

DELETE

Can delete the Secret

USE

Can use the Secret in the Connection

PERM_WRITE

Can adjust the permissions for the Secret

VIEW_PASSWORD

Can view the password

EDIT_PASSWORD

Can edit the password

OWN

Can do all operations with the Secret
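
The following sketch is an added example, not ANT PAM code or an ANT PAM export format: it models the Secret permissions listed above to audit who can reveal a password once user and group sharing entries are combined. The grant tuples, the group map and all function names are hypothetical, and it assumes that user and group grants are additive; folder inheritance is not modelled.

```python
# Added example, not ANT PAM code: grant tuples and group map are hypothetical.
SECRET_PERMS = frozenset({"READ", "WRITE", "DELETE", "USE", "PERM_WRITE",
                          "VIEW_PASSWORD", "EDIT_PASSWORD", "OWN"})

# Constructed sample data: sharing entries for one Secret.
GROUPS = {"dba": {"bob", "carol"}}
GRANTS = [
    ("user", "alice", {"OWN"}),
    ("user", "bob", {"READ", "USE"}),
    ("group", "dba", {"READ", "VIEW_PASSWORD"}),
    ("user", "dave", {"READ"}),
]

def expand(perms):
    """Validate names; OWN covers all operations, so it expands to every permission."""
    unknown = set(perms) - SECRET_PERMS
    if unknown:
        raise ValueError(f"unknown permission(s): {sorted(unknown)}")
    return set(SECRET_PERMS) if "OWN" in perms else set(perms)

def members_of(kind, name, groups):
    """Users covered by one sharing entry."""
    if kind == "user":
        return [name]
    if kind == "group":
        return sorted(groups.get(name, ()))
    raise ValueError(f"unknown principal kind: {kind}")

def effective(user, grants, groups):
    """Assumption: user and group grants are additive (union)."""
    result = set()
    for kind, name, perms in grants:
        if user in members_of(kind, name, groups):
            result |= expand(perms)
    return result

def password_viewers(grants, groups):
    """Map each user who can reveal the password to the entries that allow it."""
    report = {}
    for kind, name, perms in grants:
        if "VIEW_PASSWORD" in expand(perms):
            for user in members_of(kind, name, groups):
                report.setdefault(user, []).append(f"{kind}:{name}")
    return report

if __name__ == "__main__":
    for user, sources in password_viewers(GRANTS, GROUPS).items():
        print(f"{user}: VIEW_PASSWORD via {', '.join(sources)}")
```

In the sample data bob was shared the Secret with READ and USE only, yet the report lists him because the dba group entry carries VIEW_PASSWORD.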


Available Permissions that can be defined for the Secret folders in the ANT PAM:

READ

Can see the content of the folder

WRITE

Can edit the folder

DELETE

Can delete the folder

LIST

Can see the folder in the folder structure

PERM_WRITE

Can adjust the permissions for the folder

CREATE_SUBFOLDER

Can create a subfolder in the folder

CREATE_SECRET

Can create the Secret in the folder

OWN

Can do all operations with the folder