Introducing Secret Server 8.5 Pt. 3: Better Access Control with Secret Server Group Ownership
Secret Server 8.5 adds a number of new features and functionality. These new features are pretty awesome, so we decided this release deserves a little extra showcasing. Check back each week through April to learn something new about 8.5 and how it will increase your team’s overall security and productivity. Today’s post focuses on implementing better user access control with Group Ownership. Enjoy!
This week we’re spotlighting the Group Ownership feature. Remember when giving a user group administration privileges meant trusting them with access to membership for all groups in Secret Server? That practice is long gone. Now, administrators can delegate group membership privileges to other users for their specific groups only. The result? Less burden on Secret Server administrators to manage groups, and more control for teams over their own individual groups.
Ready for the details? Here’s how it works:
An administrator (or any user with the Administer Groups role permission), chooses a local group to edit. By default, the group is managed by “Group Administrators,” but administrators can now select one or more “Group Owners” to manage the group instead. Group Owners can be multiple individuals and/or other groups. Once a group has been switched to the “Group Owners” model, Group Administrators will no longer have inherent permissions to make any changes to that group. As soon as a user is designated a Group Owner, they’re automatically assigned the Group Owner role. The Group Owner role will allow them to access the Groups administration page, where they will see only the groups they’re an owner of and have the ability to add or remove group member and owners.
Control Folder/Secret Permissions using Group Membership
With the addition of Group Ownership, delegating Secret and Role permissions becomes a more streamlined process. After providing a group permissions to a specific folder and then assigning a Group Owner, the Group Owner will be able to manage membership of the group, which effectively controls permissions to that folder of Secrets.
Stay tuned next week for a look at the new SSH Proxy features! Hopefully you’ve had a chance to test drive the new 8.5 features in Secret Server, what do you think? Do you have a favorite 8.5 feature? Share your favorites in the comment section below.
Latest posts by Thycotic Team (see all)
- Predicting Potential Threat: Behavior Analytics & Threat Modeling - October 21, 2014
- (Video) Are You Following Password Best Practices? - September 23, 2014
- What is a smart grid and why should I care about it? - September 16, 2014