Setting Secret, Folder, and Set Permissions

You can set permissions for the following secret objects:

  • Individual secrets (text or file)

    Secret permissions control access to the secret (text or file) and what actions are available to the user. If you created the secret, by default you have all permissions to the secret.

  • Folders

    Folder permissions control access to the folder and what folder actions are available to the user. If a user does not have the View permission for the folder, the user will not see the folder in the Admin Portal. Any changes to the folder permissions are also distributed to subfolders in the hierarchy. If you created the folder, by default you have all permissions associated with the folder.

  • Folder members

    Member permissions control access to all the secrets in a folder and what actions are available to the user for all secrets in the folder. When new secrets are added to a subfolder, member permissions are distributed to subfolders in the hierarchy.

  • Secret Sets

    Secret Set permissions control access to the set of secrets and the actions available to the user. If a user does not have the View permission for the set, the user will not see the set in the Admin Portal. If you created the set, by default you have all permissions associated with the set. For manual sets, you can specify permissions for both the set itself and the members of the set. For dynamic sets, you can only specify permissions on the set.

  • Secret Set members

    Member permissions control access to all the secrets in a set and what actions are available to the user for all secrets in the set.

You can also set account permissions for the accounts used to access secrets.

For detailed information on permissions, see Assigning Permissions.

To set permissions:

  1. In the Admin Portal, click Resources, then click Secrets to display the list of secrets and folders.

  2. Select a secret, folder, or set.

    • For Secrets, click the secret to display its details.
    • For Folders, click the check box next to the folder name and then click Edit from the Actions menu.
    • For Sets, right-click the set and then click Modify.

  3. Click one of the following permission options:

    • Permissions (for secrets and sets)
    • Folder Permissions (for folders)
    • Member Permissions (for folders and sets)

  4. Click Add to search for and select the users, groups, or roles to which you want to grant permissions, then click Add.

    By default, the user, group, or role is granted the View permission.

  5. Select the appropriate additional permissions for each user, group, or role you have added, then click Save.

Note that users who inherit their permissions from their membership in the System Administrator role can see the complete list of secrets but cannot retrieve any secrets unless they are explicitly granted the Retrieve Secret permission. In addition to granting explicit permission for Retrieve Secret, and inheriting it from roles and sets, users can also inherit the Retrieve Secret permission from parent folder(s). For more specific information about what different permissions allow users to do, see Assigning Permissions.
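The inheritance rules in the note above can be modelled to audit who can actually retrieve a given secret and through which grant. This is an added illustration, not the product's own code or API: the class and function names and the sample principals are assumptions, and the model covers only the grant sources named on this page.

```python
from dataclasses import dataclass, field
from typing import Optional

VIEW, RETRIEVE = "View", "Retrieve Secret"
SYSADMIN = "System Administrator"          # role name as used on this page

@dataclass
class Folder:                              # hypothetical model, not a product type
    name: str
    parent: Optional["Folder"] = None
    member_perms: dict = field(default_factory=dict)    # principal -> {permissions}

@dataclass
class Secret:                              # hypothetical model, not a product type
    name: str
    folder: Optional[Folder] = None
    perms: dict = field(default_factory=dict)           # explicit grants on the secret
    set_member_perms: list = field(default_factory=list)  # (set name, {principal: perms})

def effective(secret, principals):
    """Map each permission to the sources granting it to any of `principals`
    (the user's own name plus the groups and roles the user belongs to)."""
    found = {}
    def grant(acl, source):
        for who in principals & acl.keys():
            for perm in acl[who]:
                found.setdefault(perm, []).append(f"{source} via {who}")
    grant(secret.perms, "explicit")
    for set_name, acl in secret.set_member_perms:
        grant(acl, f"set:{set_name}")
    folder = secret.folder
    while folder:                          # parent folders pass member permissions down
        grant(folder.member_perms, f"folder:{folder.name}")
        folder = folder.parent
    if SYSADMIN in principals:             # sees the full list, but gets nothing more
        found.setdefault(VIEW, []).append(f"role:{SYSADMIN}")
    return found

def can_retrieve(secret, principals):
    return RETRIEVE in effective(secret, principals)

# Constructed sample data: a secret two folder levels below a member grant.
prod = Folder("prod", member_perms={"dba-role": {VIEW, RETRIEVE}})
db = Folder("db", parent=prod)
pw = Secret("db-root-password", folder=db)
alice = {"alice", SYSADMIN}                # administrator with no explicit grant
bob = {"bob", "dba-role"}                  # inherits from the parent folder
```

Running `effective()` for every user against a sensitive secret shows each Retrieve Secret path, including grants inherited from a folder several levels up that are easy to miss when reviewing the secret alone.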

If you have performed a multi-account delete, the secret file is saved with view-only permission until the system administrator has given you rights to perform additional tasks.