With the production release of Passwordstate V9 in March 2021 we changed the existing Permission Models used in Passwordstate Version 8. These changes, based on feedback from our Global user community, were aimed at simplifying the methods of assigning permissions while still providing flexibility.
Recently our support team have been receiving a number of Support Requests asking for assistance with issues associated with understanding and rectifying incorrect permissions. We’ve also been receiving support requests stating there appears to be an error, with some folders showing red crosses on them. So…what’s with the Red Crosses?
A Quick Recap on Version 8 Permission Models
First let’s do a quick recap on the permission models that existed before Passwordstate V9.
The Standard Permission Model enables the permissions to be set on the Password List, in the image below the Credit Cards Password List. These permissions are then inherited or rolled-up through the Folder Structure to enable access to the Password List. Again, in the example anyone that is provided permission to Credit Cards also has permission applied to the folders Finance, London and Click Studios to ensure they can get to the Credit Cards Password List.
Using the Propagating Permission Model, you set the permissions required at folder level and these permissions propagate down to the target Password Lists. You would set the permissions at the London folder and all nested folders and any Password Lists they contain will have those permissions set the same. In the example blow, London and Finance have the same permissions and the two Password Lists, Credit Cards and Online Systems are accessible. If the folder has a downward pointing green arrow then the permissions model is Propagating.
With the Manual Permissions Model, you could specify a folder to have the permissions manually set. Manual Permissions only apply to the folder they are set on and do not inherit permissions from any nested folders or Password Lists beneath it. If a folder has a blue padlock, then the permissions model is Manual.
You’ll note that in the image above the Click Studios folder is set using the Manual Permissions Model and the folders London, Finance and the two Password Lists in the Finance Folder have been set using the Propagating Permissions Model.
What Changed under V9?
The Beta 1 release of Passwordstate V9 introduced 2 significant changes to the Permissions model. The image below shows the reference in the Change Log, dated 11th January 2021,
- The first of these changes was that Folders and Password Lists could be configured to block inheritance from parent objects, and,
- and second, the Manual Permissions Model was removed and replaced with blocking of inheritance and propagation of permissions to nested folders and Password Lists.
This model was subsequently called the Advanced Permissions Model. But what does that actually mean?
An Example
Let’s use an example to clarify the new model. The Advanced Permissions Model allows you to disable inheritance of permissions from above, at any folder level in your structure, and then set and propagate a different set of permissions to any folders and Password Lists below that folder level. It effectively replaces the Manual Permissions Model used under version 8. Let’s use an example based on the image below;
The Red Circle 1 shows that Propagating permissions have been set at the Customers Folder and these are propagating down to each folder as shown the Blue downward arrow. Except for the Allsand folder which has blocked inheritance from above, has different permissions applied to it and is propagating these to any nested Password Lists.
Red Circle 2 also shows that inherited Permissions have been blocked by using the Advanced Permission Model at the Customer Service Folder, with a different set of permissions set for that folder and these propagating down to the nested Password List Web Logins.
In Summary, the Red Crosses simply show that inheritance has been blocked at that folder and new permissions have been set and propagated down to any nested folders or Password Lists.
Got feedback? We’d love to hear it via support@clickstudios.com.au