Multiple User / Hidden Entries

SirTom
2013-11-08
2013-11-10
  • SirTom
    SirTom
    2013-11-08

    I don'n know if the idea is new or allready exists, but I don't even know how to search:
    I'ld like the posibility of distinct security levels for multiple users.
    Example: I, the boss, use KeePass for admin-PWs, user-logins and bank accounts.
    My son should be granted access the user-logins, but not the bank accounts.
    My wive can use the bank account, but doesn't need computer stuff.
    And I do not want to keep and mantain 3 different databases.
    By opening database with different master passwords could be granted different rights.
    Unallowed entries are simply invisible.

    Is there a posibillity (might be a plugin) like this, or is this a wishlist item?

     
  • wellread1
    wellread1
    2013-11-08

    KeePass does not support usernames, and the password databases are inherently single user because they are encrypted as a single object. It is unlikely that user based hierarchical security features will be added.

    However, multiple users can access an entire database if they share the Master Key. KeePass 2.x also supports multiple open databases in the same workspace and synchronization can be used to share a database remotely and conveniently. It is also possible to add a casual form of change auditing using a trigger.

    Pleasant Solutions offers a Password Server that they claim "provides multi-user password management, compatible with KeePass." But I have never seen any feedback about this product.

     
    Last edit: wellread1 2013-11-08
    • sporty222
      sporty222
      2013-11-10

      If multiple users can access an entire database if they share they Master Key, how can I make the share the Master Key?

      My Windows user has been destroyed somehow and I would like to Access my keepass.kdb file with a new Windows user. I know the Password and the Software runs properly under the new user.

       
      • Paul
        Paul
        2013-11-10

        Please open this as a new item and we will respond.

        cheers, Paul

         
  • wellread1
    wellread1
    2013-11-08

    A simple way to segregate entries so that a trusted co-user is not bothered by extraneous entries is to use groups.

    The KeePass KeeAutoExec plugin coupled with a trigger that moves the focus on locking to the auto-open database used by KeeAutoExec greatly facilitates management of multiple databases.

     
  • SirTom
    SirTom
    2013-11-08

    Thx für the quick answer and hints.

    Same MasterKey would be harakiri, NO WAY!

    Two databases is not the perfect solition either, because I have to enter 2 keys.
    I'm using this now. It works quite fine for just retrieving passwords.
    But whenever I have to change or ad a (semi)-public password I'm forced to edit it in 2 databases, and I never can be sure if they are absolute consistent.

    A Trigger maybe could help me to synchronise a specific key from one database to another, but I dont know how to do it. I'm not good enough to understand the way how i could use trigger to get my goal.

    I think I have to stand the current solution. :-(

     
  • Paul
    Paul
    2013-11-08

    You should never have the same entry in otherwise different databases, that's just asking for trouble. Decide which entries are required in which database and leave them there. If it means 4 databases that's always better than duplicate entries - and you can use KeeAutoExec to open them.

    cheers, Paul

     
  • wellread1
    wellread1
    2013-11-08

    Two databases is not the perfect solition either, because I have to enter 2 keys.

    The KeeAutoExec plugin can help with this.

     
  • SirTom
    SirTom
    2013-11-09

    Ok, thx.
    I'm going to study this.