Unlimited Administration Mode

Unlimited administration mode is a feature designed to allow an administrator access to all secrets and folders in their Secret Server instance without explicit permission. It can be used when a company has an emergency and needs access to a secret while no users who have permission are available. Alternatively, it can be used when company policies require administrators to have access to all information in the system.

An unlimited administrator in Secret Server has extensive capabilities, including access to all secrets and folders even without explicit permission. Here are some of the key capabilities and associated risks:

Capabilities:

  • Access to All Secrets: Unlimited administrators can run Secret Server in unlimited administrator mode, which grants them access to all secrets and folders.

  • Break the Glass: This feature is part of the disaster recovery capabilities, allowing emergency access to secrets in critical situations.

  • Audit and Reporting: Unlimited administrators can generate and view over 90 out-of-the-box reports to monitor privileged access and ensure proper password hygiene.

  • Secret Checkout Override: Unlimited administrators can access secrets even when they are checked out by another user, ensuring accountability and traceability of secret usage.

Risks:

  • Potential for Abuse: With the ability to access all secrets, there is a risk that an unlimited administrator could misuse their privileges, intentionally or accidentally.

  • Security Gaps: Without proper monitoring and auditing, the extensive access granted to unlimited administrators could be exploited by bad actors if the administrator's credentials are compromised.

  • Insider Threat: An unlimited administrator could potentially become an insider threat if they decide to act maliciously or if their account is taken over by an external attacker.

To mitigate these risks, it is crucial to have robust monitoring, auditing, and alerting mechanisms in place. Secret Server provides features such as automatic email alerts for unlimited-administrator-mode access, detailed audit trails, and the ability to require dual control for certain actions to enhance security.

An alert visible to all users displays at the top of the Secret View page when unlimited administration mode is enabled.
For a user to be an unlimited administrator, they must be assigned a role with the Unlimited Administrator permission, and Unlimited Administration Mode must be enabled in Configuration settings.
The Unlimited Administrator Mode role permissions are assigned to the Administrator role by default.

To navigate to the Unlimited Administration section, select Configuration from the Administration menu, and then click Change Administration Mode. We recommend that administrators have specific permissions to folders and secrets and that this mode be used only temporarily to assign the correct permissions.

Changes to the administration mode are logged in an audit grid. The grid shows the user, time of the change, and any notes made by the user.
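
The audit grid, combined with the recommendation to use this mode only temporarily, lends itself to a periodic review. The following is an added example, not part of Secret Server or its documentation: it pairs enable/disable entries from an exported copy of the audit grid and flags windows that ran long, were enabled without a note, or are still open. The CSV column names, the `Enabled`/`Disabled` action values, and the four-hour limit are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample rows. The column layout is an assumption, not Secret Server's export format.
SAMPLE_AUDIT = """user,time,action,notes
alice,2024-03-01T09:00:00,Enabled,Ticket 1001: fix folder permissions
alice,2024-03-01T09:40:00,Disabled,Permissions assigned
bob,2024-03-04T22:15:00,Enabled,
bob,2024-03-06T08:00:00,Disabled,done
carol,2024-03-10T13:00:00,Enabled,Emergency access to backup secret
"""

def review_mode_changes(csv_text, max_window=timedelta(hours=4), now=None):
    """Pair Enabled/Disabled rows into windows and return (user, time, issue) findings."""
    now = now or datetime.now()
    findings = []
    open_row = None  # the Enabled row that has not been closed yet
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["time"])
    for row in rows:
        when = datetime.fromisoformat(row["time"])
        if row["action"] == "Enabled":
            # A change with no note gives reviewers no stated reason for the access.
            if not (row["notes"] or "").strip():
                findings.append((row["user"], row["time"], "enabled without a note"))
            if open_row is None:  # ignore repeat Enabled rows while already on
                open_row = row
        elif row["action"] == "Disabled" and open_row is not None:
            started = datetime.fromisoformat(open_row["time"])
            if when - started > max_window:
                findings.append((open_row["user"], open_row["time"],
                                 f"enabled for {when - started}, limit {max_window}"))
            open_row = None
    if open_row is not None:
        # The mode was never switched back off in the exported range.
        started = datetime.fromisoformat(open_row["time"])
        findings.append((open_row["user"], open_row["time"],
                         f"still enabled after {now - started}"))
    return findings

if __name__ == "__main__":
    fixed_now = datetime(2024, 3, 11, 13, 0)  # fixed clock so the sample is repeatable
    for user, time, issue in review_mode_changes(SAMPLE_AUDIT, now=fixed_now):
        print(f"{time}  {user}: {issue}")
```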