7/22/2011 1:05:44 PM
Blake P
Posts: 19
|
Howdy. Within our environment we have 20 (soon to be almost double that) users actively in Secret Server and adding records. As we bring in a new customer we go through something we call "Onboarding" where we go through and import all of their existing documentation into our format, including importing all of their password information, and other common asked information into Secret Server.
To maintain some form of order and structure, I wrote a small application that does a find replace on a prebuilt XML template to automate the folder structure that we create for customers. That part is working great, and I have been using that for about 2 months while building the base structure for our customers and it has been working great. This worked great for generating a common folder structure for 200 customers and about 10-30 folders per customer folder in a single XML import 
Now that we have the majority of our engineers inputting new records into Secret Server instead of our old broken password management software, this means normal users are generating the XML files to import for customers. As it stands right now, users who are not listed as Administrators do not see the XML import button. Anyone know what permission this is that needs added to our Engineer role?
Thanks!
|
|
|
0
• link
|
7/22/2011 3:41:59 PM
Blake P
Posts: 19
|
To wrap up what I recieved from Ben via support ticket, to use the XML import feature the role needs the following permissions.
ben wrote:
Add Secret, Edit Secret, Administer Folders, Administrer Templates, and Share Secrets permissions. Currently Administer Users is required, which will be removed in the next release (2-3 weeks) since it should not be a requirement.
|
|
|
0
• link
|
7/22/2011 3:44:33 PM
Ben
Posts: 95
|
Hi Blake,
I responded via a ticket, but I'll update this thread for anyone else that is interested.
Since the XML import allows creation of multiple types the following permissions are required: Administer Folders, Add Secret, Edit Secret, Share Secret, and Administer Secret Types. Additionally the Administer Users permission is required, since it was originally thought that the XML import would include user creation. That permission will not be required in the next release since the XML import does not allow user creation at this point.
Is there anything else you would like to see the XML import support?
--
Thycotic Development Team
|
|
|
0
• link
|
7/22/2011 3:54:16 PM
Blake P
Posts: 19
|
I am not sure if there is an easier way to deploy a new customer template containing the folder structure, but last time I worked with support that was the recommended way. With our old software we had a folder which was labeled as Site Templates that contined the information that we would just copy. Example of previous and current structure below. Each root folder has permissions set, and then everything below it is inheriting permissions.
Old software.
-Clients
--Customer Name 1
---Site Name
--Customer Name 2
---Site Name
-Internal
-Site Templates
--New Customer
--Additional Full Site
--Additional Small Site
Current Folder structure per customer
-Customer Name
--Site Name
---Accounts
----Local Machine Accounts
----Internet Accounts
----Off Site Backup Information
----Service Accounts
----VMWare Accounts
---Misc
---Network Infrastructure
----Voice Infrastructure
----VPN Information
---Remote Access
When a customer gets a new site, I have been deploying one of 2 XML templates into that existing root customer folder. Same for when we add a new customer, we deploy the New Customer template. Would there be a better way to do this? Understanding that most of our customers have an average of 50-100 records with some of them over 1000 thats why we have the folder structure laid out the way we do.
|
|
|
0
• link
|
Secret Server 
Secret Server on Facebook 
Password Reset Server 
Group Management Server
Company 
Thycotic on Twitter