Assigning Rights to Export Accounts - Confusion, Inconsistencies, and Information Leakage

All of the built-in roles in PMP have a non-admin privilege named "Export Passwords."

The privileges assigned by role and the privileges assigned by "Offline Access" are not correctly implemented. If the role you are assigned has the "Export Passwords" privilege, it doesn't matter if exporting is disabled for your user, your group, or even globally. You can STILL export all of the accounts under "Resource Actions."

Finally, "Export Passwords" is a misnomer - the function actually exports the accounts, and whether or not passwords are displayed is another configurable option.

All of this is a big mess and it took me two hours of experimentation to figure it all out. Can this be fixed?
