Local Security Permissions for Viewing of Local User Passwords
Permissions required for viewing of passwords
A user must have the "View Password" permission on the Computer resource related to the Local User they are attempting to view the password of. As well they must have read access to the Local User resource.
Additionally the following permissions are required for the general ability to access the view passwords functionality broken down by the Role Manager Views:
Settings
Read permission is required on the following.
- Notification Server/Right Click Menu/Local Security/Show Managed User Password
- Notification Server/Right Click Menu/Show Current Password
- Notification Server/Right Click Menu/Show Managed Password
- Notification Server/Right Click Menu/Checkin Password [Optional]
- Notification Server/Right Click Menu/Checkout Password [Optional]
- Arellia/Infrastructure/Report Queries/Local Security/Managed Local User Passwords Query
Data Classes
Read permissions are required on the following:
- Arellia/Security Management/User Account Password
- Arellia/Local Security/User Account Password Change
- Arellia/Local Security/User Account Password Change Request
Read/Write permissions are required on the following:
- Inventory/User Data/Global Windows Users
- Arellia/Security Management/User Account Password Disclosure
Additionally if Checkin/Checkout is being used read/write permissions are required on the following:
- Local Security/Local User Password Checkout
Changes in 7.1 SP1 MP1
7.1 SP1 MP1 incorrectly introduced additional requirements
- Read access to Settings\Arellia\Infrastructure\PasswordDisclosureSettings
- View Password permission on the Local User Resource (Resource Management\Organisational Views\Default\All Resources\Security Principal\Local User
Read Creating a Custom SMP Role for Password Disclosure for more information