Limit access to credentials

Post your feature requests here
Post Reply
revocloud
Posts: 3
Joined: Tue Mar 03, 2020 9:07 pm

Tue Mar 03, 2020 9:45 pm

Separating users and devices using Tags works super! However, I would like my users to be able to make and/or view backups of a subset of devices, without gaining access to the credentials.

The thinking behind this is we'd like to centralize backups for multiple sites and perhaps even multiple customers. I wouldn't want local site admins or customer-personnel to gain access to credentials for other sites or customers.
User avatar
Tomas
Posts: 1239
Joined: Sat Jun 25, 2016 12:33 pm

Tue Mar 03, 2020 10:47 pm

READ-ONLY type users automatically can not see credentials / have no control over them.
To limit access to credentials for OPERATOR type users currently, the only way is to set "High security mode" for credentials.

There is also an option in "Other settings > Advanced system settings" to make "High security mode" for credentials the default.
ccummings-coeur
Posts: 5
Joined: Mon May 18, 2020 4:08 pm

Tue May 19, 2020 9:36 pm

I would also like to see something like this. For example, if we could tie a tag to credentials and treat them just like devices from an access perspective, that would be swell. It has been okay for us to do high security mode, however, in theory, an operator could still setup a honeypot-esque device to try and capture credentials, whereas if they couldn't discover devices with credentials they don't have access too, it would be the most secure option.

Thanks!
MetalDude32
Posts: 1
Joined: Fri Feb 11, 2022 2:05 pm

Fri Feb 11, 2022 2:12 pm

I apologize if a feature like this has already been implemented and I just haven't figured it out yet.

I would also like to see the ability to tag credentials. Yes, read-only and high security will block the password from being read but I'd like to remove the ability for users to even see the username used for device access that aren't associated with their zone.
Vik@Unimus
Posts: 198
Joined: Thu Aug 05, 2021 6:35 pm

Fri Feb 11, 2022 4:59 pm

Hello,

No worries - you are right, we don't have Tag-based access to Credentials implemented in Unimus. It is not currently planned (no ETA that we can provide), but it is a good and useful feature to revisit and look into in the future.
User avatar
NZNiknar
Posts: 3
Joined: Tue Jul 04, 2023 12:41 am
Location: New Zealand

Wed Mar 20, 2024 11:19 pm

Hello,

I'd like to re-awaken the discussion around tag-based access to credentials, and also expand on the idea with the idea of zone based credentials.

Cheers,
erik.k
Posts: 24
Joined: Wed Feb 07, 2024 8:16 am

Mon Mar 25, 2024 9:57 am

Hi,

fist off all i would like to apologize for later answer. We track both these requirements in our backlog but unfortunately there is no change regarding ETA. In case of any news i will keep you updated.
User avatar
NZNiknar
Posts: 3
Joined: Tue Jul 04, 2023 12:41 am
Location: New Zealand

Mon Mar 25, 2024 7:17 pm

No worries,

Thanks for the update. :D
Post Reply