Local Security Permissions for Viewing of Local User Passwords

Permissions required for viewing of passwords 

A user must have the "View Password" permission on the Computer resource related to the Local User whose password they are attempting to view. They must also have read access to the Local User resource.

Additionally, the following permissions are required for general access to the view passwords functionality, broken down by the Role Manager Views:

Settings

 Read permission is required on the following:

  • Notification Server/Right Click Menu/Local Security/Show Managed User Password
  • Notification Server/Right Click Menu/Show Current Password
  • Notification Server/Right Click Menu/Show Managed Password
  • Notification Server/Right Click Menu/Checkin Password [Optional]
  • Notification Server/Right Click Menu/Checkout Password [Optional]
  • Arellia/Infrastructure/Report Queries/Local Security/Managed Local User Passwords Query

Data Classes

 Read permissions are required on the following:

  • Arellia/Security Management/User Account Password
  • Arellia/Local Security/User Account Password Change
  • Arellia/Local Security/User Account Password Change Request

 Read/Write permissions are required on the following:

  • Inventory/User Data/Global Windows Users
  • Arellia/Security Management/User Account Password Disclosure

 Additionally, if Checkin/Checkout is being used, read/write permissions are required on the following:

  • Local Security/Local User Password Checkout

Changes in 7.1 SP1 MP1

7.1 SP1 MP1 incorrectly introduced the following additional requirements:

  • Read access to Settings\Arellia\Infrastructure\PasswordDisclosureSettings
  • View Password permission on the Local User Resource (Resource Management\Organisational Views\Default\All Resources\Security Principal\Local User)