Testimonials
What our customers say about Team Password Manager

Granting access to passwords and projects

Current Team Password Manager version: 12.160.277
Note: this document applies to versions of Team Password Manager lower than 6.x. If you're looking for information about the v 6.x permission system please read this document: Permissions in passwords and projects.

This document describes how users or groups are granted access to passwords and projects in Team Password Manager.

These are the sections on this document:

  1. Some definitions first
  2. Types of access to a password
  3. Project access
  4. Password access

1. Some definitions first

Some things to remember when reading this document:

  • A password belongs to a project.
  • A user has one role. More information on user roles.
  • A user can belong to one or more groups.
  • A project has a project manager that can manage it. Initially, the project manager is the user who created the project, but this can be changed.
  • Managing a project means being able to: edit its data and security (access), upload files to it, archive/un-archive it, delete it and manage any of its passwords.
  • A password has a password manager that can manage it. Initially, the password manager is the user who created the password, but this can be changed.
  • If the "Editing policy" setting is "ANYONE", any user that has access to a password can manage it (except "only read" users).
  • Managing a password means being able to: edit its data and security (access), upload files to it, copy/move it to another project and delete it.
  • Access is always granted in Team Password Manager, never revoked.

2. Types of access to a password

There are 3 types of access to a password:

  • None: the password data can't be seen by the user.
  • Read: the password data can be seen and its files downloaded by the user.
  • Manage: the user can edit the password data and security (access), upload files to it, copy/move it to another project and delete it.

Read and manage are affected by the global setting "Editing policy":

  • USER (default): the password manager, the project manager or any admin user will be able to manage the password. All the other users that have access to the password will only be able to read it.
  • ANYONE: any user that has access to the password will be able to manage it (except users with "only read" role).

3. Project access

When a user creates a project in Team Password Manager, she has 2 security options:

  1. Grant access to the project to all the users. In this case, any user in Team Password Manager will be able to access the passwords in the project.
  2. Grant access only to specific users or groups (default since version 2.18.35). If this option is selected, only the marked users (or groups) will have access to the passwords in the project. If no user or group is marked, only the project manager and any admin user will have access to the project.

Users that have access to a project will be able to create passwords in that project (except users with the "only read" role).

In any case, only the project manager or any admin user will be able to edit the project's data, including security settings.

The security or access settings of the project can always be changed by editing the project.


Example

Setting project security

In the above screenshot you can see that:

  • The project manager is "Alan Hall" (the user creating the project).
  • Access is granted to the following users: "Jake Brown" (directly), "Lucas Cross" (directly), "Janine Black" (via the group "IT work") and "Tom Landy" (via the group "IT work") and "Alan Hall" (the project manager but also in the group "IT Work").

You can always see who's been granted access to a project in the "Security" tab of the project. In this case:

Project security tab

4. Password access

As stated in the previous section, any user who's been granted access to a project will be able to access the passwords in that project.

But what if you want to give access to a specific password to a user that doesn't have access to the project?

Since version 2.18.35, you can do this by editing a password's access with the "Edit security" button in every password. Note that this action can be performed by any user that can manage the password.


Example

Following the previous example, we created a password called "Test password" in the "Test project". We can see from the password's "Security" tab who has access to this password:

Password security tab

Let's give direct access to this password to "Claire Wood" by clicking on "Edit security" and selecting this user:

Password security

If we save and take a look at the password security tab, we can see that "Claire Wood" has now access to this password:

Password security tab

Some notes about password access

1. When a user has only access to a specific password but not access to its project (like in the previous example), she will not be able to see any data from the project (except the name). This user will not be able to access the project screen.

2. You can see if a project has users that have been granted specific access to any of its passwords by looking at the "Security" tab of the project. In the previous example, this is how the security tab looks after granting access to "Test password" to "Claire Wood":

Project security tab
Questions or Problems? Please contact our support department