Overview
For shared folders within Secret Server, permissions are delegated between two user roles: Team User and Team Administrator. This guide details the permissions and responsibilities associated with each role.
Team User
A Team User is any member of a department that has a shared folder. They are given access to the shared folder so they can collaborate easily with other users in their department. A Team User’s primary responsibilities with a shared folder are adding new secrets, deactivating old secrets, and modifying a secret’s fields as necessary. If any additional controls or sharing needs arise for a secret, a Team User should consult their respective Team Administrator for implementation.
Permissions
- Add Secrets
- Edit Secrets
- View Secret Password (where applicable)
- Launch Secrets
- Deactivate Secrets
- View Secret Templates and Policies
- View Password Requirements
Team Administrator
A Team Administrator is a user who has been granted additional abilities within their department’s shared folder. These abilities allow them to establish permissions within the shared folder, create additional folders, delete folders that are no longer needed, and manage how Team Users are able to interact with a secret. Team Administrators are responsible for managing the permissions on their folders and secrets for their own users and, as necessary, for users from other departments. Additional security controls like Multifactor Authentication (MFA) or approvals can be implemented by the Team Administrator.
Permissions
- Own Secrets
- Reactivate Inactive Secrets
- Advanced Import
- Assign Pipelines
- Force Check In
- Session Recording Auditor
- View Password Requirements
- View Remote Password Changing
- View Reports
- View Secret Audit
- View Secret Password and Private Key History
- View Session Monitoring
- View Session Recording Audit