No profile can't be good...

2013-12-12
2013-12-19
  • Cesar Augusto

    Cesar Augusto - 2013-12-12

    The program is very good but fails in something fundamental: Any user with the master key can read / modify / delete any password.

    In a multiuser environment this becomes inconvenient, even dangerous. So it would be helpful if the program had user profiles and a scope for their actions. For example, they can read but not modify passwords, with a record of all their actions, such as how many times they used them and which ones. These users would be limited and would not change any settings. Only the master user (like the root user in Linux) can do everything.

    Thanks!

     
    Last edit: Cesar Augusto 2013-12-12
  • Cesar Augusto

    Cesar Augusto - 2013-12-12

    Moderator, please fix the title and delete this comment. Sorry, my oops!

     
  • wellread1

    wellread1 - 2013-12-12

    Any user with the master key can read / modify / delete any password.

    What you are describing is the inappropriate use of a KeePass database. Like the user account credentials it contains, a KeePass database should belong to a single individual who keeps the Master Key secret.

    In the extraordinary event that it is appropriate to share user account credentials, a separate database can be created containing only those account credentials that are deemed appropriate to share. Access to the shared database is limited to those who know its Master Key. KeePass 2.x allows users to open multiple databases in the same Workspace, allowing for convenient management of multiple databases in these extraordinary circumstances.

    Unfortunately, while a KeePass database with a strong Master Key is secure, it cannot prevent insecure behavior (e.g. sharing the Master Key).

     
  • Paul

    Paul - 2013-12-12

    KeePass was designed for a single user. It has been adapted to allow multiple access, not multiple users.

    cheers, Paul

     
  • Cesar Augusto

    Cesar Augusto - 2013-12-14

    Thanks wellread1 and Paul.

    I suggest some feature that will be useful. I work in an accountant office and some workers handle many customer accounts who have accounts with passwords at the national tax collection web system. Of course we keep it confidential. We consider KeePass an excellent tool and use it much in order to protect our customers' personal data. But every KeePass entry is subject to human error when we only need to copy passwords for use to access the tax system, not to create/edit/delete them in KeePass. I mean, use the KeePass database in read only for some user/profile and read/write when necessary. Maybe KeePass asking for the master password again to modify/create every entry. Do I make myself clear? Sorry for my English and many thanks for the replies.

     
  • Paul

    Paul - 2013-12-15

    KeePass won't work as you describe because it has not been designed to do so. There is a commercial multi user system that is supposed to be compatible with KeePass from Pleasant Solutions - I have not used it.

    cheers, Paul

     
  • steelej

    steelej - 2013-12-15

    You appear to be wanting to use KeePass to store user credentials in a Read only mode for some users.

    If it would be acceptable for your entries to be updated by only one person while still allowing many people to use the database to provide logon credentials, then there may be solutions around setting read only permissions on the KeePass database file for the majority of your users. The read only access could then be safely shared amongst all your users.

    The person with full access would make all the changes.

     
    • Cesar Augusto

      Cesar Augusto - 2013-12-19

      That's what I mean! I can set the KeePass database file to read only for other users. But it would be better from the program itself. I think the developers will make this improvement.

      Thanks steelej!

       
  • Paul

    Paul - 2013-12-19

    The developers won't change this because there is no way to know which users should have read only access. You can control access by using file permissions on the database.

    cheers, Paul
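
The file-permission approach steelej and Paul describe, as an added example that is not part of the original thread: a Python audit, assuming the database sits on a POSIX file system (a Windows share would use NTFS ACLs instead); `audit_shared_db` and the `shared.kdbx` file name are hypothetical. It also checks the parent directory, because on POSIX a read-only file can still be deleted or replaced by anyone who can write to its directory.

```python
import os
import stat
import tempfile

def audit_shared_db(db_path):
    """Return findings for a shared database file; [] means only the owner can change it."""
    findings = []
    st = os.stat(db_path)
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("file is writable by group/other")
    if not st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file is not readable by group/other")
    # Deleting or renaming a file is governed by the directory, not by the
    # file's own mode bits, so a read-only file can still be swapped out.
    parent = os.stat(os.path.dirname(os.path.abspath(db_path)))
    dir_writable = parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    sticky = parent.st_mode & stat.S_ISVTX  # restricts delete/rename to owners
    if dir_writable and not sticky:
        findings.append("directory is writable by group/other: file can be replaced")
    return findings

def demo():
    """Audit three constructed layouts in a temporary directory."""
    layouts = {
        "shared_rw": (0o775, 0o664),          # everyone in the group can edit
        "readonly_file_only": (0o775, 0o444), # file locked, directory still open
        "hardened": (0o750, 0o640),           # owner edits, group reads
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        db = os.path.join(d, "shared.kdbx")   # constructed placeholder, not a real database
        with open(db, "wb") as f:
            f.write(b"constructed sample bytes")
        for name, (dir_mode, file_mode) in layouts.items():
            os.chmod(d, dir_mode)
            os.chmod(db, file_mode)
            results[name] = audit_shared_db(db)
        os.chmod(d, 0o700)                    # restore so cleanup succeeds
        os.chmod(db, 0o600)
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```

These permissions only protect the shared file from being changed; anyone who holds the Master Key can still read every entry in it.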

     
