In large teams, granting privileged access to users often becomes tricky. Not everyone requires the same level of access. Access controls and permissions should be carefully established so as not to impact productivity. One of the effective ways to achieve this is to grant permissions based on job roles and responsibilities. Role-based access controls makes it easier to revoke privileged access when a user no longer needs them.
Predefined and custom roles
Securden Password Vault comes with five predefined user roles.
- Super Administrator - Can view all work-related passwords stored in the application. Serves as a break glass account. Entitled to the overall administration of the application, including user management.
- Administrator - Can administer the application, including user management. Can see only the passwords that are owned and the ones that are shared. Entitled to overall administration of the application, including user management.
- Account Manager - Can add accounts to the application. Performs all administrative tasks related to the accounts.
- User - Can view the accounts shared by administrators. They can manually add accounts and share them with others. (They will not have the privilege to import accounts). If needed, you can disable account addition privilege for users.
- Auditor - Can view the reports and audit trails generated in the application. Besides, you can create custom user roles assigning specific access privileges.
You can strengthen role-based access with granular controls at the application level and at the individual accounts level. Irrespective of the role (except Super Administrator), you can restrict access to accounts in a granular manner. Access permission could vary from full access to passwords or just view/edit passwords or grant access without showing the underlying password.