Hi,
Still testing password vault and I noticed that when I create a second administrator (e.g: admin2) and when I create a security group admin1_private I cannot revoke the viewing,adding, editing nor deleting rights from admin2 on this security group.
In the Security Group Rights window you can per user add or remove certain rights. When I however deselect the rights on admin2 and click save, the rights are not revoked. The popup window just disappears without a warning. When opening the security group rights window again it is clear that permissions are not limited.
This is really a shortcoming for us since we don't think an administrator should have viewing rights (or other rights) on every entry. An administrator should be user that can administrate users, security groups and roles. As long as auditing is done it isn't even a problem that an administrator can change its own rights, because at least you would have an audit trail and know if an admin is doing things he isn't supposed to do.
Kind regards,
Peter
Still testing password vault and I noticed that when I create a second administrator (e.g: admin2) and when I create a security group admin1_private I cannot revoke the viewing,adding, editing nor deleting rights from admin2 on this security group.
In the Security Group Rights window you can per user add or remove certain rights. When I however deselect the rights on admin2 and click save, the rights are not revoked. The popup window just disappears without a warning. When opening the security group rights window again it is clear that permissions are not limited.
This is really a shortcoming for us since we don't think an administrator should have viewing rights (or other rights) on every entry. An administrator should be user that can administrate users, security groups and roles. As long as auditing is done it isn't even a problem that an administrator can change its own rights, because at least you would have an audit trail and know if an admin is doing things he isn't supposed to do.
Kind regards,
Peter