Auditing Password Tokens


    Auditing Password Tokens

    Hello,

    We have a situation where we would like to restrict a user from accessing all passwords, except a few.

    We generally have two types of users, Trusted and Untrusted. Trusted are people who have been with the company a long time and have access to all passwords (these are sysadmins in CommitCRM).

    This is what is working so far (please let me know if there was a simpler way to do this):
    * We assigned a token called UNTRUSTED to the untrusted user
    * We assign a token to every account we have, titled TRUSTED. (Account security settings - User must have at least one) [Since our trusted users are sysadmins, they have access to all tokens and are able to see these account passwords.]
    * For the accounts we want an Untrusted user to have access to, we apply the UNTRUSTED token to the account.


    Is there a better way to have done this?

    This works great, but is very hard to audit. Is there a way to dump the accounts/tokens to a file or something so we can easily audit this?

    Re: Auditing Password Tokens

    Note, I am using the Advantage Database.



      Re: Auditing Password Tokens

      Thank you for posting this and for such a detailed explanation of your workflow!

      Indeed, the method you use, i.e. security tokens for passwords, is the way to go.

      As tokens are used to protect a specific Account or Password, you could only mark such Accounts with the TRUSTED token and keep all other Accounts "not-protected", i.e. without a security token. In any case, the way you implemented it is also great.

      As printing the Accounts list with their security tokens is not currently an option, you may consider using another field, for example, one of the fields under the Account Details tab and set its value to TRUSTED/UNTRUSTED. Although it will require updating the same security value in two places, this will allow you to filter the Accounts by this field, add the column with this field in the Account list and more. Not ideal but an option to achieve that.

      Hope this helps and thanks for asking!



        Re: Auditing Password Tokens

        Thank you, is there a way to make new accounts, by default, have the TRUSTED criteria?



          Re: Auditing Password Tokens

          You're welcome. A default list of security tokens for new accounts is an interesting idea. I believe that we haven't heard about it before and I will add a feature request for it so it'll be evaluated. Thanks for asking.
