#638 Users and group rights access

KeePass
open
nobody
5
2015-10-31
2006-02-01
Anonymous
No

Congratulation for your software!

It will be nice to have the choice of creating
several users/password into one database et give
access to certain group. Let say I would like to give
access to certain information’s to specific users...

That would be a very nice feature, everyone would
like to have.

Have a good day!

Andre F

Discussion

  • Nobody/Anonymous

    Logged In: NO

    I second this. We need a central password store at my
    company, but some passwords should only be accessible to
    finance, and some to administration, and some (like
    create/modify) should only be the database admin.

    Ideally:
    *User logs in (welcome screen can show list of users or
    groups, user chooses login and enters appropriate master
    password for that logon.
    *Each logon can be assigned to an 'access group' or multiple
    access groups (such as accounting, sales)
    *When choosing 'create password group' or 'modify password
    group', the dialog would show all the 'access groups', and
    allow you to set the rights to that password group for each
    'access group' (no access, read only, read+modify, create
    new entries, delete entries)

    *Database administrator 'access group' level - can
    create/remove users and assign them to groups.

    Database administrator needs to be thought out, since some
    password groups (such as HR for example) and their contents
    might need to be protected from access by administrator.
    Non-removable audit trail should show all account creations,
    user password changes, and rights changes to protect against
    administrator creating dummy accounts with escalated rights,
    or promoting rights of an existing employee temporarily. We
    can't keep an admin from seeing the passwords, but can audit
    what an admin has been doing.

     
  • loremari

    loremari - 2006-02-02

    Logged In: YES
    user_id=1348445

    Keepass is an application that enforces security at data
    level, i.e. the password you enter at login is used as a
    key to encrypt/decript the DB. You cannot read data
    without the correct password. This also means that the
    same piece of information (an entry) can't be read using
    different login passwords for different users: everyone
    must have the same password and thus can read the whole DB.

    What you are asking is security at application level,
    which is a completely different (and less secure)
    approach. It implies that the application "knows" the
    encryption password and can read the entry, but allows
    viewing to different users according to ACL's. So user
    login is "into the application" but not "into the
    database".

     
  • Paul

    Paul - 2006-02-03

    Logged In: YES
    user_id=1174665

    This would make KeePass multi user, something Dominik has
    said he will not do - see FAQ.
    Break your database into groups and export each group for
    specific users. Slightly more administration, much better
    for KeePass.

    cheers, Paul

     
  • Nobody/Anonymous

    Logged In: NO

    That's exactly what I am looking for!!

     
  • Francois C.

    Francois C. - 2006-06-02

    Logged In: YES
    user_id=1165235

    Many thanks for your software!

    It would be also nice to determine whether a group can see
    expired password or not.

    The idea is to minimize the consequences of the theft of a
    database.

    Best regards,
    Francois C

     
  • Paul

    Paul - 2006-06-02

    Logged In: YES
    user_id=1174665

    Expired passwords can be shown at startup. Tools | Options |
    Advanced.

    cheers, Paul

     
  • Chris George

    Chris George - 2015-10-30

    Great suggestion I hope it gets implemented. we need this desperately!

     
  • Paul

    Paul - 2015-10-30

    What gets implemented? If you want a multi user database try the commercial product Pleasant Password Server.

    cheers, Paul

     
  • Chris George

    Chris George - 2015-10-30

    quite pricey for big teams

    no plans to include this in keepass ?

     
  • wellread1

    wellread1 - 2015-10-30

    A password manager is the wrong place for managing user and groups rights access.

     
  • Paul

    Paul - 2015-10-30

    What wellread means is, no it won't be implemented. It is beyond the scope of a free personal password manager.

    cheers, Paul

     
  • Chris George

    Chris George - 2015-10-30

    I see your point, but any team with more than few people cannot use it without such feature :) currently we have different files for each group of people ,but some groups need to open few db files and they jump from one file to another to find where is the password they need and many db files have duplicate password etc. practically unusable for multi user environment.

    Maybe an additional plugin.

    I wish I had the skills to develop it myself :)

     
  • Paul

    Paul - 2015-10-30

    That's why you pay the big bucks for a commercial password manager. :(

    cheers, Paul

     
  • T. Bug Reporter

    T. Bug Reporter - 2015-10-30

    The KeeAutoExec plugin combined with the trigger system already gives KeePass the ability to auto-open other databases using info from a master database, but if someone wants to develop a plugin that searches all open databases simultaneously, that would probably be a great help for people in situations such as these.

     
  • Chris George

    Chris George - 2015-10-30

    great suggestion thanks , will try it in the next few days.

     
  • Paul

    Paul - 2015-10-31

    KeePass already searches all open databases for matching Auto-Type.

    cheers, Paul

     
  • Chris George

    Chris George - 2015-10-31

    How do you search all open databases ?

     
  • Chris George

    Chris George - 2015-10-31

    got it : ctrl+alt+a when you are at the window for entry

     
  • T. Bug Reporter

    T. Bug Reporter - 2015-10-31

    KeePass already searches all open databases for matching Auto-Type.

    I don't use Auto-Type much; most of the time, I use drag-and-drop for everything.

     
  • Chris George

    Chris George - 2015-10-31

    you should try the ctrl+alt+a saves a lot of time

    What is drag and drop ? this is something new

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks