Block Customised Admin from Importing\Updating Domain users\groups

Richard.Rankin · ‎04-05-2018

Vault 2019 introduces customised roles based on selecting individual permissions.

A wish has come in from a customer trying to comply with their IT's Security policy to specifically block only the ability to Import\Update Windows Authenticated Users and Groups.

Specifically the commands:

Import Domain User
Promote to Domain User
Demote Domain User
Import Domain Group
Promote to Domain Group
Demote to Domain Group
Update Domain Group

Removing the "User Create" blocks the creation of ALL users. They still need their Vault Admins the ability to manage Vault user accounts.

ihayesjr · ‎04-05-2018

Richard.Rankin · ‎04-06-2018

Not sure why these did not get uploaded but these are the commands that the customer wanted restricted.

ihayesjr · ‎04-06-2018

The story the customer is trying to solve is to stop anyone else with an Administrator role from adding new groups or new members that should have access to Vault. However the user can still create Vault Users and Groups and give access to members who shouldn't have access. This request doesn't solve the problem.

Community

Block Customised Admin from Importing\Updating Domain users\groups

Block Customised Admin from Importing\Updating Domain users\groups

Forums Links

Submit Idea