Thycotic Community Forum

6/6/2011 2:24:09 AM Espen F Posts: 2	Hi, I wonder if the API is able to manage which AD users/groups who should have access to which secret/folder. This is an important feature for us as we have a high change frequency in our server farms.
	0 • link
6/6/2011 11:24:17 AM Ben Posts: 94	Hi Espen, Currently the API is not able to manage permissions on Secrets and Folders. I've taken this down as a feature request and updated the product manager. Is there any more detail you can provide regarding your business case for needing this? Thanks, Ben -- Thycotic Development Team
	0 • link
6/6/2011 1:19:52 PM Espen F Posts: 2	Hi Ben, Thanks for your reply. I will provide some more detail as of why we seek such a feature: We are are major Internet application, and service provider with over 250 customers with users varying from a couple, to 50-60 users needing access to limited parts of our infrastructure. Say for example that customer1 have 500 servers, and 40 users needing access to those systems. User A needs access to server 1 and server 2, while user B only needs access to server 2. This may change from week to week, with users only having access on a strict need to basis only. For over 250 customers, with a total over 4000 servers this becomes very time consuming to manage manually. We would like to say via an API that AD-group Y should have access to servers 1,2,3,4,5 (folder/group 1 and folder/group 2). This comes on top of a growing number of 300 employees. With such rapid, and large amount of access level changes it is important for us to be able to make effective, and yet secure changes. Thank you for your time.
	0 • link
6/6/2011 3:04:23 PM Ben Posts: 94	Hi Espen, Thanks for all the detailed information, that scenario makes a lot of sense. I've updated the request with your info. Regards, Ben -- Thycotic Development Team
	0 • link

---