Eval Problem and feature requests

Hi,

GROUPING:
I have created a User Group called "Acme Corp Firewall Admins". In this group I have placed a test Password Administrator called "JBloggs". I have also created a Resource Group called "Acme Corp Firewalls", shared it out to "Acme Corp Firewall Admins" and set up this group to automatically add passwords that exactly match...

'Resource Type' Equals = "Firewall"
'Location' Equals = "Acme Corp"

I then created a new resource called "Acme Corp BIG Firewall" and set the Location to "Acme Corp" and OS Type to "Firewall".

Firstly, these names "OS type" and "Resource Type" are labelled differently within your product but aren't they the same?

Anyhow, when I go back to the "Acme Corp Firewalls" Resource Group and perform a search it has correctly placed the "Acme Corp BIG Firewall" resource into the group, but when I select the "Resources" or "Home" tab and group items by the resource group "Acme Corp Firewalls" nothing appears.

Also, when I log on as JBloggs, whilst he is able to see the "Acme Corp Firewalls Admins" group (it has been shared to him), he can't see any resources.

However if I delete the "Acme Corp Firewalls" resource group, recreate it but this time choose "Pick Individually" and then add the "Acme Corp BIG Firewall" resource into the group it is listed within the "resources" and "home" when the "Acme Corp Firewalls" group is selected and the resource also appears for JBloggs.

Am I doing something wrong???

This is now where the requests start...

Another question on grouping. Why can't the Password Administrator JBloggs, who is a member of the "Acme Corp Firewall Admins" group, create a new resource and place it in the already created "Acme Corp Firewalls" resource group? The group is not available for him to add resources to even though it has been shared to him by the creator of the group.

With password administrators creating and sharing their own groups this causes the view to become extremely messy whereby one resource such as a Windows Domain could have 20 different resource groups because each one of the 20 administrators has decided to create his/her own resource group and share that out. Even though it should only be 1 resource group (It's just 1 domain)

It would be better to allow only super admins to create the Resource Groups and modify the user membership and allow the password admins to only change the resources within these groups. Without this global resource grouping the GUI can become a mess very quickly.

Now I understand you may say that it is by design that "others (including admin users) will not be able to see the resources added by you unless you decide to share your resources with them", but surely this should be left for the personal password section.

There is simply no way of me creating a central password list for a particular resource (i.e. Domain / Firewalls etc) and allow my members of staff to individually update this central list of each resource. Strange


PASSWORD POLICIES:
1. A Password Administrator is presented with the default password policies: Low/Medium/High. Given that I cannot force what policy the Password Administrator chooses for a new resource, I can't stop them from choosing low every time!

2. We have to store passwords of legacy resources and for resources that are out of our control (created by third parties). Lots of these passwords do not meet the requirements set out by the default password policies so we have created our own to allow everything! This at least allows us to store the data for the time being.

Surely it would be better to give us end users the ability of either removing and/or changing the default policies to suit. Here's an example..

1. Remove the inbuilt password policies so they are not available for use. (Don't give the password administrators the ability to choose LOW!!!)

2. Create a New Resource group and New password policy and marry the two up.

3. When the password administrator creates a new resource they know they must choose the correct resource group, otherwise the passwords won't be shared with the right users. This sharing would be governed by a super admin as suggested above. By choosing the correct resource group they are automatically linked to the password policy assigned to the resource group. Now given that the password may be out of the administrator's control, they are given the option to put in a password that does not meet the policy requirements but MUST note down why this is, i.e. "Legacy account password - needs to be changed".

4. The master Admin/Auditor comes along and runs a report to see which resources don't match the assigned password policy! Beautiful! Happy all round!


EMAIL NOTIFICATION:
I have integrated our users with AD. When I provision a new user it's nice to send them an automatic email but I want to change the wording of the email. Is this possible?

GRANULAR ROLE BASED ACCESS:
A choice of what access a user is granted would be nice. We have external auditors who like to check password records. I don't like the idea that someone could share a password with them. All they need to do is "Audit" the password change log.

Thanks
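
The policy-per-resource-group workflow requested in the post above, sketched as an added example (not part of the original post and not the product's own code). The class names, the policy settings and the sample passwords are constructed for illustration; a real vault would encrypt the stored values.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    min_length: int
    required: tuple  # regexes that must each match somewhere in the password

    def violations(self, password):
        found = []
        if len(password) < self.min_length:
            found.append(f"shorter than {self.min_length}")
        found += [f"missing {p}" for p in self.required if not re.search(p, password)]
        return found

# Constructed policy; the super admin binds it to the resource group (step 2).
FIREWALL_POLICY = Policy("Firewall-Strict", 14,
                         (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]"))
GROUP_POLICY = {"Acme Corp Firewalls": FIREWALL_POLICY}

class Vault:
    def __init__(self):
        self.entries = []

    def store(self, group, resource, account, password, exception_note=""):
        # Step 3: the policy follows from the group, not from the admin's choice.
        problems = GROUP_POLICY[group].violations(password)
        if problems and not exception_note.strip():
            raise ValueError(f"{resource}/{account}: {problems}; exception note required")
        self.entries.append({"group": group, "resource": resource, "account": account,
                             "password": password, "note": exception_note.strip()})

    def audit_report(self):
        # Step 4: list non-compliant entries without exposing password values.
        rows = []
        for e in self.entries:
            problems = GROUP_POLICY[e["group"]].violations(e["password"])
            if problems:
                rows.append((e["group"], e["resource"], e["account"], problems, e["note"]))
        return rows

def demo():
    vault, group, fw = Vault(), "Acme Corp Firewalls", "Acme Corp BIG Firewall"
    vault.store(group, fw, "admin", "Tr4ffic!Lights-Amber")  # compliant
    vault.store(group, fw, "legacy", "cisco123",
                "Legacy account password - needs to be changed")
    try:
        vault.store(group, fw, "temp", "short1")  # weak and no note: rejected
        rejected = False
    except ValueError:
        rejected = True
    return vault.audit_report(), rejected
```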