
Permissions for Secrets

Permissions allow a Management Tool user who has the Management Tool Access administrative permission to define which functions a user will be able to perform with a secret (or with the secrets stored in a folder in the Tree-View folder structure). Permissions are defined on the Users & Permissions tab when adding or editing a secret (or when adding or editing a folder).

Granting Permissions to Users of Secrets

Role Type permissions are granted to users / user groups of a secret by selecting (in the Role Type column) one of the following:

• Owner: Allows the user (or the users in a user group) to grant any Role Type or advanced permissions, view secret/folder data (including the credentials of shared privileged accounts), edit the secret/folder, delete the secret/folder, configure remote password rotation, and use the secret to access the associated account.

NOTE: As a root user, the built-in default admin user of Ekran System has the Owner Role Type permissions for all secrets, and is therefore able to both edit and access all secrets added by other Ekran System users.

• Editor: Allows the user (or the users in a user group) to grant the Editor and PAM User Role Type permissions and the View Password advanced permissions, view the secret data/folder, edit the secret/folder, and use the secret to access the associated account.

• PAM User: Allows the user (or the users in a user group) to use the secret to access the associated account.

Advanced permissions are granted to users / user groups of a secret by selecting the appropriate checkboxes in the following columns:

• View Password: Allows the user (or the users in a user group) to view and copy the secret's password in the Ekran System Connection Manager, and can only be enabled by users with the Owner or Editor Role Type permissions for the secret.

• File Transfer: Allows the user (or the users in a user group) to transfer files using the WinSCP application via the Ekran System Connection Manager, and can only be enabled for users / user groups with the Owner or Editor Role Type permissions for the secret.

NOTE: If permissions are granted to a user group, all users belonging to this group will inherit these permissions.
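
The grant rules above can be checked mechanically during an access review. The following is an added example, not Ekran System code and not an Ekran System export format: the row layout, the `granted_by` field, the sample users and groups, and the `admin` account name are constructed assumptions.

```python
# Grant rules as read from the role descriptions above; data layout is constructed.
MAY_GRANT = {
    "Owner": {"roles": {"Owner", "Editor", "PAM User"},
              "advanced": {"View Password", "File Transfer"}},
    "Editor": {"roles": {"Editor", "PAM User"}, "advanced": {"View Password"}},
    "PAM User": {"roles": set(), "advanced": set()},
}
BUILTIN_ADMIN = "admin"  # assumed account name; holds Owner on every secret

GROUPS = {"dba-team": {"bob", "carol"}}  # constructed sample group
GRANTS = [  # constructed sample rows; "granted_by" is a hypothetical field
    {"secret": "db-root", "principal": "alice", "role": "Editor",
     "advanced": ["View Password"], "granted_by": "admin"},
    {"secret": "db-root", "principal": "dba-team", "role": "PAM User",
     "advanced": [], "granted_by": "alice"},
    {"secret": "db-root", "principal": "dave", "role": "Owner",
     "advanced": [], "granted_by": "alice"},
    {"secret": "db-root", "principal": "erin", "role": "PAM User",
     "advanced": ["File Transfer"], "granted_by": "bob"},
]

def effective_roles(user, secret, grants, groups):
    """Role Types a user holds on a secret, directly or inherited via groups."""
    principals = {user} | {g for g, members in groups.items() if user in members}
    roles = {g["role"] for g in grants
             if g["secret"] == secret and g["principal"] in principals}
    if user == BUILTIN_ADMIN:
        roles.add("Owner")
    return roles

def audit(grants, groups):
    """Return (grant, reason) pairs for grants the documented rules do not allow."""
    findings = []
    for g in grants:
        adv = set(g["advanced"])
        if "File Transfer" in adv and g["role"] == "PAM User":
            findings.append((g, "File Transfer requires Owner or Editor"))
        held = effective_roles(g["granted_by"], g["secret"], grants, groups)
        ok_roles = set().union(*(MAY_GRANT[r]["roles"] for r in held))
        ok_adv = set().union(*(MAY_GRANT[r]["advanced"] for r in held))
        if g["role"] not in ok_roles:
            findings.append((g, f"{g['granted_by']} may not grant {g['role']}"))
        for a in sorted(adv - ok_adv):
            findings.append((g, f"{g['granted_by']} may not grant {a}"))
    return findings

if __name__ == "__main__":
    for grant, reason in audit(GRANTS, GROUPS):
        print(grant["principal"], "->", reason)
```

The grantor's roles are resolved through group membership, so a user who is only a PAM User via a group is flagged when listed as the source of any grant.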

Viewing Permissions

The Role Type permissions granted to users of secrets are displayed on the Users & Permissions tab on the Password Management page in the Management Tool. The list of permissions is displayed in the form of a grid, which includes the following information in the corresponding columns:

• User/Group Name: The name of the user / user group of the secret to which the Role Type permissions are granted.

• Secret Name: The name of the secret for which the Role Type permissions are granted to the user / user group.

• Secret Type: The type of the secret for which the Role Type permissions are granted to the user / user group.

• Permissions: The Role Type permissions granted (Owner, Editor, or PAM User) to the user / user group of the secret.

• Description: The description of the secret for which the Role Type permissions are granted to the user / user group.

To search for the required permissions, type a search expression (i.e. keyword).

To filter the information about the permissions in the grid, use the filters:

• Secret Name: Allows filtering of the permissions by the specific name of a secret for which the permissions are granted.

• User group: Allows filtering of the permissions by a specific user group to whom the permissions are granted.

• User: Allows filtering of the permissions by a specific user to whom the permissions are granted.

To sort the columns in the grid, click the required column header. You can change the column sort order from ascending to descending, and vice versa, by clicking the corresponding column header again. If the data is not sorted by a column, the Sort arrow is not shown in the column header.
