Tightening Vault's default Security Access Permission

Post by Tri » Tue Mar 20, 2007 9:47 am

Hi,

We are currently using Vault Server 3.16.

We would like to implement a way to circumvent the default security scheme "allow everything": each time a new user is created, this user has RCA permission on all repositories. When a new repository is created, it grants access to all users (including inactive users).

Of course we can change the default permission by creating custom exclusion rules, user default permissions, etc. As I am not dedicated full time to managing Vault Server, some team leads are also Vault admins, to give them more flexibility to manage their teams and projects. These team leads are not Vault gurus; some created users and repositories and afterward created exclusion rules to counterbalance the openness of the default permission rules.

For our next Vault upgrade to 3.51 (or maybe 3.52) we would like to completely re-organize our security scheme:

- All users will have ZERO permission by default (change RCA to nothing)

- Each repository will have a corresponding Vault group. The group will have RCA permission to the root folder of the repository.

- Trusted users will be members of 1..N groups (each group grants full access to one repository, as mentioned above)

- Users with restricted access will not be members of any of the above groups. They will either have specific folder access permissions or belong to a group having restricted and explicit folder-level permissions.

Can you please review the idea and provide us with your comments? Thanks very much in advance.
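The scheme proposed in the post above can be modelled in a few lines to compare it with the allow-everything default. This is an added example, not part of the original thread and not Vault's API: the user, group and repository names are constructed, rights are treated as the opaque letters R, C and A, and grants are assumed to be purely additive.

```python
from dataclasses import dataclass, field

def covers(folder, path):
    """True if path is the folder itself or lies beneath it."""
    return path == folder or path.startswith(folder.rstrip("/") + "/")

@dataclass
class Scheme:
    # "" is the proposed zero default; "RCA" is the default the post wants to replace.
    default_rights: str = ""
    groups: dict = field(default_factory=dict)   # group name -> set of user names
    grants: list = field(default_factory=list)   # (principal, repo, folder, rights)

    def effective(self, user, repo, path):
        """Union of the default and every grant that reaches the user at path.
        Additive resolution is an assumption of this model, not Vault's documented rule."""
        principals = {user} | {g for g, members in self.groups.items() if user in members}
        rights = set(self.default_rights)
        for who, r, folder, granted in self.grants:
            if who in principals and r == repo and covers(folder, path):
                rights |= set(granted)
        return "".join(c for c in "RCA" if c in rights)

def build(default_rights):
    """Constructed sample: one group per repository plus one folder-restricted group."""
    s = Scheme(default_rights=default_rights)
    s.groups = {"grp-billing": {"alice"}, "grp-portal": {"alice", "bob"},
                "grp-portal-docs": {"carol"}}
    s.grants = [("grp-billing", "billing", "$", "RCA"),
                ("grp-portal", "portal", "$", "RCA"),
                ("grp-portal-docs", "portal", "$/docs", "R")]
    return s

def root_access(scheme, users, repos):
    """(user, repo) pairs where the user holds any right at the repository root."""
    return sorted((u, r) for u in users for r in repos if scheme.effective(u, r, "$"))

USERS = ["alice", "bob", "carol", "dave-inactive"]   # constructed names
REPOS = ["billing", "portal"]

if __name__ == "__main__":
    for label, default in (("allow-everything default", "RCA"), ("zero default", "")):
        print(label, root_access(build(default), USERS, REPOS))
```

Running the same audit against an export of real users, groups and grants before and after the migration shows which accounts lose root access and which only keep folder-level rights.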

Post by Beth » Tue Mar 20, 2007 10:16 am

We currently have feature requests for both the default behavior you described and for groups. I have added your vote and comments. We are making some of these changes in Vault 4.0.
