I'm curious to get the feedback of the Vault team (and other users perhaps) about this.
We are wrestling with the dilemma of how to administrate Vault. A couple of us technical guys have become de facto Vault admins.
My simple question is: when we are doing admin type stuff (adding whole new folder structures, labelling/pinning/user admin) - should we share the 'admin' id, or log on as ourselves but give ourselves admin rights?
If we share the admin id, history doesn't identify which of us made the particular change, but it does mean we can follow the "least privilege" principle when logging on as our normal, unprivileged usernames.
If we give ourselves admin privs, we know exactly who did what in History, but it leaves us open to accidentally doing something destructive.
What are the recommendations?
Vault administration - best practice?
Moderator: SourceGear
I can't really recommend one strategy over the other - you've laid out the issues with each, and it really depends on whether you'd prefer to have history reflect who made the changes, or be more protective of making accidental changes. I think different teams will answer differently for those questions, and both are valid approaches.
One idea for fixing up history would be to not automatically commit changes (this is an option setting), and then put who made the change in the change set comment when it is committed. You wouldn't be able to query on changes made by a particular history, but at least it will be listed somewhere in history.
One idea for fixing up history would be to not automatically commit changes (this is an option setting), and then put who made the change in the change set comment when it is committed. You wouldn't be able to query on changes made by a particular history, but at least it will be listed somewhere in history.