Menu

#2987 Per group/item settings override

KeePass
open
nobody
5
2026-06-25
2026-06-25
Luiz Georg
No

Update the keepass database model to allow some database settings to be overridden for specific items or groups (cascading to children)

Some settings which could benefit from this change:

  • Default username (using groups to separate identities)
  • all History Settings

Examples of possible future settings that could benefit from this:

  • Password policy

Discussion

  • wellread1

    wellread1 - 2026-06-25

    KeePass doesn't support separate "identities" in the same database, e.g. children's identities.

    These suggestions would require major changes to the KeePass database that are unlikely to be implemented. The extra complexity of supporting separate user identities in the same database, e.g. user-level access rights, are more appropriate for enterprise-level password managers.

    • If you need separate user identities, create a separate database for each user. KeePass can open databases concurrently in the same workspace, each with independent database settings. The KeeAutoExec plugin has many capabilities that make managing multiple databases convenient, e.g. children's databases. For example it can open several database automatically, or the databases can be opened simply by selecting them from a database menu.

    • I am not sure whether you are referring to supporting multiple database usernames (currently there are none, not even one) or default entry-level usernames.
      • Regarding group-level user access rights, see my initial comments about complexity and appropriateness.
      • Custom entry level usernames can be configured using KeePass entry templates.

    • I am don't immediately see the logic of variable History Settings. For reasonable size databases that save account credentials, small or large histories across the entire database are feasible.

    • A KeePass user can set the (Automatically generated passwords for new entries) generator profile to whatever password length and complexity (strength) that they desire. Additionally it is possible to create and save custom password profiles. All password profiles are workspace properties, not database properties. See the Password Generator documentation for additional details.

      It is reasonable for individuals to use their own judgement, informed by an account's (website) minimum password strength requirements, when they create a password. For small groups it is probably more effective to convince users of the importance of creating and using strong passwords than it is to enforce seemingly arbitrary rules.
     

    Last edit: wellread1 2026-06-25
  • Paul

    Paul - 2026-06-25

    Use Templates and the KPEntry Templates plug-in?

    cheers, Paul

     

Log in to post a comment.

Auth0 Logo