Folder Permissions

A new subfolder can use the sharing settings of its parent folder if you enable the Inherit Permissions from Parent setting for the folder.

You can access a folder's Permissions table by opening the folder, clicking the three horizontal dots by its name, and selecting Edit Folder from the dropdown options.

Folders can apply one of the following permissions to users or groups in the folder's Permissions table:

  • View: Allows the user to see the folder and the secrets in that folder which inherit its permissions. Users need to have this permission for the parent folder to be able to see any subfolders available. Permissions granted to the root/parent folder will be inherited by subfolders.
  • Edit: Allows the user to create new folders in the root/parent folder, which forces the Inherit Permissions from Parent setting on the new folder. This permission also allows creating new secrets in that folder and moving secrets into it, as well as renaming the folder.
  • Add Secret: Allows the user to add a secret into a folder, but does NOT grant access to the added secret.
  • Owner: Allows the user to create new folders in the root folder without forcing inheritance. It also allows the user to move, delete, or rename the folder, as well as change the permissions and inheritance settings on the folder.

Depending on your configuration, these settings could affect the permissions of subfolders and secrets contained in the root folder. Folders are not visible to users that do not have at least the View permission. This allows users to create and manage their own folders without making them visible to all users. Some folder permissions include other permissions.

Table: Included Folder Permissions (Ordered from lowest to highest permissions required)

| Permission | Description | Included Permissions |
|---|---|---|
| Add Secret | Allows adding new secrets | View |
| List (Secret) | Allows viewing secret names | None |
| View | Allows viewing the folder | None |
| View (Secret) | Allows access to secret contents | List |
| Edit | Allows for editing secrets, creating and/or renaming subfolders | Add Secret, View |
| Edit (Secret) | Allows editing of a secret | List, View |
| Owner | Allows full control over the folder | Add Secret, Edit, View |
| Owner (Secret) | Allows full control over the secret | Edit, List, View |

Personal Folders

In Secret Server, a personal folder is a folder that one (and only one) individual has owner access to. No other user can modify sharing permissions on these folders. Users can add subfolders to their personal folder. The purpose of this folder is to allow a user to securely store work-related secrets that other users do not require access to.

In break-the-glass mode, an unlimited admin can access a user's personal folder to recover secrets if needed.

Required Role Permissions for Managing Folders

Folder management is subject to these role permissions:

  • The Administer Folders role permission allows a user to create new folders and manage folders, but specific folder permissions still apply.
  • Any user with the Administer Folders role permission can create new folders, but to create folders at the root level, the user also needs the Create Root Folders permission.
  • Any user who has the Create Root Folders permission can add new folders to any folders where they have Edit or Owner permissions.
  • Users must have the Owner permission to delete a folder.
  • Users can also move folders if they have the Owner permission on the source folder and the Edit or Owner permission on the target folder (where they are moving it). The folder automatically inherits permissions from its parent when it is moved, which is the same as when secrets are moved.
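The following added example is not Secret Server code and calls no Secret Server API. It is a small offline model of the rules on this page (included permissions, inheritance, visibility, and the move rule) that can be used to reason about an exported folder layout. The folder names, users, and data layout are constructed; groups are omitted, each user holds one permission per folder, and requiring View on every ancestor is an assumption extended from the parent-folder rule above.

```python
# Folder-level rows of the Included Folder Permissions table on this page.
INCLUDES = {
    "View": set(),
    "Add Secret": {"View"},
    "Edit": {"Add Secret", "View"},
    "Owner": {"Add Secret", "Edit", "View"},
}

# Constructed sample: folder -> [parent, inherits_from_parent, {user: permission}]
FOLDERS = {
    "IT":      [None, False, {"alice": "Owner", "helpdesk": "View"}],
    "Servers": ["IT", True, {}],
    "Vault":   ["IT", False, {"alice": "Owner", "bob": "Add Secret"}],
    "Finance": [None, False, {"carol": "Owner", "alice": "Edit"}],
}

def acl(folder):
    """Return the entries in force: walk up while inheritance is enabled."""
    parent, inherits, entries = FOLDERS[folder]
    while inherits and parent is not None:
        parent, inherits, entries = FOLDERS[parent]
    return entries

def effective(user, folder):
    """Granted permission plus everything the table says it includes."""
    granted = acl(folder).get(user)
    return set() if granted is None else {granted} | INCLUDES[granted]

def visible(user, folder):
    """View is needed on the folder and, by assumption, on every ancestor."""
    while folder is not None:
        if "View" not in effective(user, folder):
            return False
        folder = FOLDERS[folder][0]
    return True

def can_move(user, source, target):
    """Owner on the source, Edit or Owner on the target."""
    return ("Owner" in effective(user, source)
            and bool({"Edit", "Owner"} & effective(user, target)))

def move(user, source, target):
    """Re-parent the folder; it then inherits from the new parent."""
    if not can_move(user, source, target):
        raise PermissionError(f"{user} may not move {source} to {target}")
    FOLDERS[source][0], FOLDERS[source][1] = target, True

if __name__ == "__main__":
    for user in ("alice", "bob", "helpdesk", "carol"):
        for name in FOLDERS:
            print(user, name, sorted(effective(user, name)), visible(user, name))
```

In the sample data, bob's Add Secret grant on Vault is unusable because he lacks View on IT, and after alice moves Vault into Finance her effective permission on it drops from Owner to Edit because the folder now inherits Finance's entries.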