You are correct that the list is machine driven. To these means you would also be correct that if someone has access to any of the systems on any list they would have access to all password associated with that machine, including SQL accounts.
Ultimately you have two choices, one is to add machines into the second list manually such as server_name-SQL and then manually input the SQL passwords. This works fine if you don't want RPM to manage those passwords aside from storing them. Or your second choice is to use username filtering.
Username filtering works like this, you have granted groupX the rights to recover passwords for a group of systems but you would like to limit the accounts that they can recover passwords for and all of those accounts have the same or similar names.
To setup recovery filtering, open Random Password Manager and go to SETTINGS | MANAGE WEB APPLICATION | MANAGE DELEGATION.
On the "Account Management" dialog, click the "Account Masks" button in the lower right portion of the dialog.
On the "Account Masks" dialog, click the ADD button to create an account mask. First, highlight the user or group you would like to add the mask for then add the account mask. THe account mask allows for the use of wildcard characters such as * or ? as in admin* or admin??.
Creating a mask like this defines which accounts the users can see or recover. This means, if you selected the group domain\help_desk and specified an account mask of administrator, they could only recover account named administrator from the groups that they have been delegated access to.
Hope that helps!
Support
support@liebsoft.com
_________________________
1900 Avenue of the Stars, Suite 425
Los Angeles, CA 90067
http://www.liebsoft.com
Main: (800) 829-6263
International: +1 (310) 550-8575
Fax: (310) 550-1152
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote