Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Private credential management for read only role
#1
We're a service provider supporting multiple customers.

Some customers have generic credentials which would be defined as public in vRD2010
Larger customers require each support agent to have their own username and password.

When I create an AD account/group for our support agent to use in vRD2010 I want 'everything' to be read-only as far as the connections and folders are concerned but I DO want them to be able to manage/apply their private credentials to a customer folder/connection. I have set the permissions under credentials > folder > private credentials to Full Control for the support agent account but this doesn't seem to achieve anything.

Is this configuration possible?
Reply
#2
Have a look at the tab "Authorization functions" in a custom security role dialog.

Remote desktop administration
=> Allow to change assigned credentials on read only connections
=> Allow to change assigned credentials on read only connection folders

Try these two options...
Regards/Gruss
Oliver
Reply
#3
Thanks but....
I have those settings already and it doesn't allow me to create personal credentials.
for example, I log on as a 'regular user', select a folder containing 'Customer A' servers, I choose properties and want to be able to create some personal credentials to use for this customer's servers. I can't because the option is greyed out.
Similarly if I highlight folders in the credentials node, there is no option to create new.

Current settings are shown in attachment.

       

btw. just discovered that if I untick public credentials but leave the tick in 'personal' under permissions, the application fails to load with "An unhandled exception has occurred" :-O
Reply
#4
Could you set permission on "credentials folder" to Full control - then you should be able to create new private creds

We plan a completly new security for vRD with many more options - but not before the next major version...
Regards/Gruss
Oliver
Reply
#5
If I set the permissions as per the attachment, I can create both *public* and personal credentials via the Credentials node - half way there!

I don't want regular users to be able to create public credentials.

interestingly, it is still not possible to create new credentials from the server or folder level.

   

I suspect the answer to this is the defect I discovered earlier where I cannot un-tick public credentials without the application crashing. I'm using .Net 2 and haven't tested whether updating this is likely to improve things but according to the docs, 2.0 is supported.
Reply
#6
It's not related to your .NET version - 2.0 is the correct one - I put it on the list for the next version
Regards/Gruss
Oliver
Reply




Users browsing this thread: 1 Guest(s)