PMP User Groups, Great idea BUT!

Who can administer PMP User Groups. the short answer is all PMP Administrators and this just isn’t right and I’m hoping the vendor will fix it soon.

User groups are great but…….

In setting up an area for a support team I created an AD group, imported it into PMP, set one of the new users up as a Password Admin and then provided my documentation on how to use PMP to securely store passwords.  I sat with the guy as he created a CSV file and started to import the passwords.

I showed him how to create a Resource Group using dynamic criteria so all his resources would be automatically added to the Resource Group as they were imported.  Then I showed him how to share it to all his team members using the User Group I’d setup.

Great now he creates a CSV with all the resources in, imports the CSV and PMP adds the Resources to the Resource Group and all of his team can access the passwords and it all happens in one step now that its all set up.

BUT there was a BUT in my first line!

I am not part of his team.  Currently I cannot see any Resources he added as they are not owned by nor shared to me.  BUT and here it is, I can add myself to the PMP group and BINGO I have access to his passwords.  That’s NOT secure.  Yes I can AUDIT this but the damage is done already, prevention is definitely better that the cure.

Is there a way of preventing this?

I cannot see a group owner, I’m thinking groups should be the same as Resources.  Password Admins should be able to add user groups.  They own them and can share management in exactly the same way as Resources.  That way I can set up a PMP group and then pass transfer ownership to the support team for subsequent management.  Leave the AD group security to me, this is out of scope of PMPs control and perhaps this leans me towards not using AD groups as a way of automating a Joiners Leavers Transfer process.

Right now the only solution I see is for this support team to share resources to Users not User Groups which makes the PMP User Groups useless as they present a security hole.  The downside is that for a BIG team this is going to be painfully slow for him to setup.

Thoughts?

Advertisements

2 thoughts on “PMP User Groups, Great idea BUT!

  1. Hi Lee. Thanks for your valuable suggestion. We are glad to have you as a customer and it makes us happy to see you trying to use Password Manager Pro in the most effective way possible. Our response is added here, https://forums.manageengine.com/topic/who-can-administer-user-groups

    Do write to us if you have any other questions/feedback.

    Ganesh

  2. Thanks Ganesh the product is getting better all the time and you have recently added some of my suggested improvements to the product so I vouch for the fact that you do listen to your customers.

Leave a Reply to clan8blogger Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.