We've used KeePass in our SMB for a while now, but have only recently begun sharing databases. Anyone accessing a KBDX file is essentially an admin over it, meaning they can both delete histories from entries and subsequently from the Recycle Bin. Is there a way to prevent or disable the deleting of histories (a setting, config file edit, plug-in, etc.)?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Altering database settings that affect the history depth in any copy of the database that they can open or directly synchronize with.
Individually trimming history entries in any copy of the database that they can open.
However, you can backup your databases. The backup copies can be used to reconstruct the history by synchronizing the backup copies with a current copy of the database that has its history set very deep. You would only miss changes made on a time scale shorter than the backup frequency e.g.
If a daily backup was in effect and a user made two changes to the same entry in an hour, and deleted their history, the reconstructed history would miss the intermediate changes but capture the final change of the day.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
A deleted entry will propogate to all sychronized databases. If it goes unnoticed until propagation is complete, the only way to recover it is with backup copies of the database.
Last edit: wellread1 2015-08-12
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
We've used KeePass in our SMB for a while now, but have only recently begun sharing databases. Anyone accessing a KBDX file is essentially an admin over it, meaning they can both delete histories from entries and subsequently from the Recycle Bin. Is there a way to prevent or disable the deleting of histories (a setting, config file edit, plug-in, etc.)?
You can't prevent users from:
However, you can backup your databases. The backup copies can be used to reconstruct the history by synchronizing the backup copies with a current copy of the database that has its history set very deep. You would only miss changes made on a time scale shorter than the backup frequency e.g.
If a daily backup was in effect and a user made two changes to the same entry in an hour, and deleted their history, the reconstructed history would miss the intermediate changes but capture the final change of the day.
A deleted entry will propogate to all sychronized databases. If it goes unnoticed until propagation is complete, the only way to recover it is with backup copies of the database.
Last edit: wellread1 2015-08-12
You can use an audit trigger.
cheers, Paul