HI

As a Privileged Admin account, I need to be able to periodically export ALL stored credentials to an encrypted offline html file for a DR type scenario.

To achieve this, I've played around with setting up a dynamic resource group which should capture ALL credentials (eg. membership rule: Location = TEST OR Location != TEST) and shared this with the Admin user only.

This works fine for all of the resources/passwords I imported initially via csv (and therefore own). However, when a different Password Admin user logs in and creates a new resource/credential, this does not get captured by my dynamic rule.

We'd want to take advantage of RBAC, so that certain users can't access certain resources - but I can't see a way to backup all credentials without exposing all credentials to all users.

Does anyone else have an approach for this problem?