User Groups

Users can be grouped together for easier management. User grouping helps in carrying out operations in bulk on all the resources of the group. The resources added to PMP can be assigned to a user group.

To add user groups,

 

In the Add User Group UI that opens,

 

 

What happens for a new user who gets added to an already existing group?

 

The new user will become part of that group and automatically inherit all the properties and permission levels of the group.

 

Importing User Groups from AD

You can import specific user groups and OUs from the active directory and retain the same user group structure in PMP. You can even choose to synchronize the user group structure in PMP with that of AD at periodic intervals. Refer to the section integrating active directory for more details.

 

Settings for User Groups

In order to achieve high level of security, PMP provides the option to configure the following settings for user groups:

 

Include passwords when resource details are exported to CSV format

 

When one exports PMP resources to a CSV file, by default, password of the accounts are included in plain text. In case, for security reasons, you wish not to allow the members of a user group to export passwords during resource import, you can do so from the group level setting:

 

 

Allow to manage personal passwords

 

PMP provides personal password management feature as a value addition to individual users to manage their personal passwords such as credit card PIN numbers, bank accounts etc while using the software for enterprise password management. The personal password management belongs exclusively to the individual users. For security reasons, if you do not wish to allow personal password management for a group of PMP users, you can do so from the setting as explained below. Once you do this, the 'Personal' tab will not appear in the PMP GUI for all the members of that particular group.

 

 

 

Allow to export personal passwords

 

PMP provides the option for users to export their personal passwords. For security reasons, if you do not wish to allow export of personal passwords for a group of PMP users, you can do so from the setting as explained below.

 

 

Permit group members to grant 'Manage Share' of their criteria-based resource groups to others

 

By default, 'Manage Share' for criteria-based resource groups is disabled. To enable it you need to carry out a configuration setting at the user group level.

 

The Reason

 

'Manage Share' for criteria-based resource groups is fraught with a risk of exploitation. There is a possibility that an administrator or password administrator could gain unauthorized manage permission for resources that are not allotted to them by intelligently creating a series of Resource Groups specifying certain matching criteria for the condition "Resource name contains".

 

How to Securely Enable it?

 

This can be enabled through a setting at the User Group level only. You need to do the following:

 

 

Once you carry out the above setting, the members of that particular user group will be permitted to do "Manage Share" of their criteria-based resource groups. Thus, administrators can decide who can use 'manage' share and track the events.

Managing User Groups

Editing a User Group - Adding new users to the group, deleting existing users from the group

 

You can edit an existing user group to add more users to the group or remove existing users. To edit a user group,

 

 

Deleting User Group

 

You can delete an existing user group in PMP. When you do so, the group will no longer exist. The group level settings done for that group will no longer apply for the users who were members of that group. Deletion of user group will not have any impact on the resources stored in PMP. The resource shares done for the group will vanish.

 

To delete a user group,

 

 

 


© 2014, ZOHO Corp. All Rights Reserved.