Secret Permissions

Sharing passwords is crucial for information technology teams. Due to the sensitive nature of sharing secure information, Secret Server ensures shared passwords are tracked and guarded via permissions.

Depending on your configuration, folder settings can affect the permissions of secrets contained in that folder (and subfolders). Secrets and folders are not visible to users who do not have at least View (can see details) or List (can see a list of secrets) permission. See Secret Folder Permissions for more information.
To simplify sharing, new secrets automatically inherit the settings from the folder they are stored in. That is, we enable the "Inherit Permissions from Folder" check box on the "Sharing Edit" page by default, so secrets inherit all the parent folders' sharing settings. As long as this check box is selected, you cannot set the permissions for the secret. For more on folder security, see the Folders section.

There are four permission levels when sharing secrets with another user or group:

  • View: User may see all secret data, such as username and password, and metadata, such as permissions, auditing, history, and security settings.
  • Edit: User may edit the secret data. Also allows users to move the secret to another folder unless the Inherit Permissions from Folder setting is turned on, in which case the user needs Owner permissions to move the secret.
  • List: User may see the secret in a list, such as a list returned by running a search, but may not view any more details about the secret or edit it.
  • Owner: User may change all the secret's metadata.

Password text-entry fields are not visible if a secret has a launcher and the Hide Launcher Password setting is on or the user does not have the View Launcher Password role permission.

Secrets can be shared with either groups or individual users. The Secret Sharing section allows secrets to be configured for access.