- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiPAM - Permissions for template "Web Account"
Hi there,
I did several tests but it seems - really?? - that the template type "Web Account" acts with completely different permission settings in the background than other launchers.
Testing with launcher like PuTTY or WinSCP or RDP ... I could test this with a user that should only be able to see the entry and can launch this - so using the permission type "Viewer" - without beeing aware ot the stored password nor can change this secret. So far, this is running fine with several launcher types.
The same scenario using a "Web Account" secret is not possible. It seems as "Launch target" could be possible for the test user (with "View" permission for this target as well as for the underlaying folder) because it is not greyed out in the secret list. But clicking on "Launch Secret" leads to the details of the entry - and there the mouse over message over the (now greyed out "Web Launcher") tells me that this launcher cannot be started because of not enough permissions.
(Attached two pictures)
So, this would mean that every user that only commit the launch for a web-target-secret must have at least "Editor" privilge status with the option to see the stored password?? I cannot imagine that this really meant to be the way, would be very dissapointing for me. We are using the actual version 1.3.0 of ForitPAM.
Looking forward to hearing from you. Thanks in advance.
Kind regards,
Daniel
- Labels:
-
FortiPAM
- « Previous
-
- 1
- 2
- Next »
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ddiez
Config. from screenshots seems ok, can you please address it with a ticket so we can troubleshoot it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would like to do so, but due to missing subscription I cannot place a ticket for this product. We are in the phase of trial evaluation (proof-of-concept) for this product.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Actually this problem has been submitted as ticket to the support at Fortinet. I am excited for the resolution of this behaviour.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi KuC,
Thank you for this info and do not hesitate to share the support solution once you get it :)!
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just as feedback after a while: With FortiPAM 1.4.0 this function is working now. This hAs been a bug before in combination with VMware vSphere and its web-login. Now after the upgrade everything runs perfectly.
- « Previous
-
- 1
- 2
- Next »