« What Makes A Good Password? | Main | Reused Passwords - Trust No One »

January 11, 2013

Password Server: In The Trenches - Users and Roles

Users and Roles in AuthAnvil Password Server

Cody Marbach

 

Setting up users and roles correctly is one of the most import elements in maintaining the security of your AuthAnvil Password Server. What passwords a user can access is based on the combined privilege of their own user level permissions, and any role permissions they may have. A user's scopes are also determined by their roles. For more information, check out our previous post on Scopes.

AAPS - Users and RolesRoles are very similar to Windows User Groups. You can assign any combination of users to a role, and then use that role as the basis for permission assignment in vaults. There are two major components to a role, the scopes and the users.

Scopes

Selecting a scope for a role means that the role can be used by any vault within that scope. If you wanted to make a single role for all the users of a given client, you could grant them access only to the client scopes you set up for them, while denying them access to scopes belonging to other clients, or your own company.

Users

Adding users is straightforward, any user that is selected as a member of the role will get any and all permissions that are assigned to this role.

Role and user permissions always give the best combined permission. If a user, Bob, has only read permissions to your Sample Vault, but a role Bob belong to is given full Owner permissions to the Sample Vault, Bob will be treated as a full owner of that vault. This also will override the Requires Approval permission, so be sure to practice least privilege in your user role assignment.

As a general rule, only give a user a specific permission if they need improved access. For large groups of users, assign their permissions via roles, and then grant other individuals, like team leaders or manager, the greater permissions they might need to perform their tasks on a per-user basis. This makes it easier to avoid accidentally granting permissions you don't intend to, and makes it easier to manage whole groups of users at a time.

Roles are a great way to easily and quickly manage your users in the AuthAnvil Password Server. If you have any questions about this or other AuthAnvil Password Server topics, please post in the comments below or tweet with the hashtag #askauthanvil!

 

Cody Marbach is one of Scorpion Software's developers who works on the AuthAnvil Password Server.

Posted at 08:00 AM in In the Trenches, Tip & Tricks - AuthAnvil Password Server |

| |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e55005c8f98834017ee6df9c3e970d

Listed below are links to weblogs that reference Password Server: In The Trenches - Users and Roles:

Comments

The comments to this entry are closed.

Search

Visit Our Company Website
Subscribe to this blog's feed

Categories

Archives

More...

Become a Fan