RangerMSP Business Automation for successful ITs

 
April 22nd, 2019, 03:35 PM
tdr.css
 
Posts: 21
Hello,

We have a situation where we would like to restrict a user from accessing all passwords, except a few.

We generally have two types of users, Trusted and Untrusted. Trusted are people who have been with the company a long time and have access to all passwords (these are sysadmins in CommitCRM).

This is what is working so far (please let me know if there was a simpler way to do this):
* We assigned a token called UNTRUSTED to the untrusted user
* We assign a token to every account we have, titled TRUSTED. (Account security settings - User must have at least one) [Since our trusted users are sysadmins, they have access to all tokens and are able to see these account passwords.]
* For the accounts we want an Untrusted user to have access to, we apply the UNTRUSTED token to the account.


Is there a better way to have done this?

This works great, but is very hard to audit. Is there a way to dump the accounts/tokens to a file or something so we can easily audit this?
 
April 22nd, 2019, 03:38 PM
tdr.css
 
Posts: 21
Note, I am using the Advantage Database.
 
April 23rd, 2019, 06:02 AM
Support Team
 
Posts: 7,510
Thank you for posting this and for such a detailed explanation of your workflow!

Indeed, the method you use, i.e. security tokens for passwords, is the way to go.

As tokens are used to protect a specific Account or Password, you could only mark such Accounts with the TRUSTED token and keep all other Accounts "not-protected", i.e. without a security token. In any case, the way you implemented it is also great.

As printing the Accounts list with their security tokens is not currently an option, you may consider using another field, for example, one of the fields under the Account Details tab and set its value to TRUSTED/UNTRUSTED. Although it will require updating the same security value in two places, this will allow you to filter the Accounts by this field, add the column with this field in the Account list and more. Not ideal but an option to achieve that.

Hope this helps and thanks for asking!
 
April 23rd, 2019, 10:42 AM
tdr.css
 
Posts: 21
Thank you, is there a way to make new accounts, by default, have the TRUSTED criteria?
 
April 23rd, 2019, 11:59 AM
Support Team
 
Posts: 7,510
You're welcome. A default list of security tokens for new accounts is an interesting idea. I believe that we haven't heard about it before and I will add a feature request for it so it'll be evaluated. Thanks for asking.
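
An added example, not part of the thread and not RangerMSP code: one way to audit the mirrored-field workaround suggested above, including the new-account case raised in the follow-up question. It assumes the Account list can be exported to CSV with the hypothetical columns `AccountName` and `SecurityLabel` (the spare Account Details field), and that an approved list for the restricted user is kept separately; the sample rows and the approved list are constructed.

```python
import csv
import io

# Constructed sample of a hypothetical CSV export of the Account list.
# "SecurityLabel" is the spare field that manually mirrors the security tokens.
SAMPLE_EXPORT = """AccountName,SecurityLabel
Acme Corp,TRUSTED
Bravo LLC,"TRUSTED,UNTRUSTED"
Charlie Inc,
Delta Co,"TRUSTED,UNTRUSTED"
Echo Ltd,UNTRUSTED
"""

# Constructed list of accounts the restricted user is approved to see.
APPROVED_FOR_UNTRUSTED = {"Bravo LLC"}


def audit(export_text, approved):
    """Return (account, finding) tuples for deviations from the token scheme."""
    findings = []
    seen_untrusted = set()
    for row in csv.DictReader(io.StringIO(export_text)):
        name = (row["AccountName"] or "").strip()
        raw = row["SecurityLabel"] or ""
        labels = {t.strip().upper() for t in raw.split(",") if t.strip()}
        if not labels:
            # Typical for a newly created account: nothing applied by default.
            findings.append((name, "no label: unprotected or not mirrored"))
            continue
        if "TRUSTED" not in labels:
            findings.append((name, "missing TRUSTED label"))
        if "UNTRUSTED" in labels:
            seen_untrusted.add(name)
            if name not in approved:
                findings.append((name, "UNTRUSTED access not approved"))
    # Approved accounts whose label was never applied (or was removed).
    for name in sorted(approved - seen_untrusted):
        findings.append((name, "approved but UNTRUSTED label absent"))
    return findings


if __name__ == "__main__":
    for account, finding in audit(SAMPLE_EXPORT, APPROVED_FOR_UNTRUSTED):
        print(f"{account}: {finding}")
```

Because the field is updated by hand alongside the real tokens, a clean report shows only that the mirror matches the approved list, so spot-check a few accounts' actual security settings as well.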

All times are GMT -6. The time now is 01:43 PM.
