.. _vault_permissions:
.. _user_capabilities:
.. _bits:

User Capabilities and Vault Permission Bits
-------------------------------------------

Obtain a list of all available capability (user) and permission (vault) bits.

+-----+------------+-------+---------------------------------------+-----------------------------------------------+---------------------------------+
| Bit | Name       | Value | User capability                       | Vault permission                              | Object                          |
+=====+============+=======+=======================================+===============================================+=================================+
| 0   | Read       | 1     | Can use the system                    | Can read all information in the vault         | n/a                             |
+-----+------------+-------+---------------------------------------+-----------------------------------------------+---------------------------------+
| 1   | Write      | 2     | Can create vaults                     | Can modify vault content                      | n/a                             |
+-----+------------+-------+---------------------------------------+-----------------------------------------------+---------------------------------+
| 2   | Admin      | 4     | Can add StoredSafe users              | Can add user (share) and edit vault meta data | n/a                             |
+-----+------------+-------+---------------------------------------+-----------------------------------------------+---------------------------------+
| 3   | Audit      | 8     | Can use the audit subsystem           | n/a                                           | n/a                             |
+-----+------------+-------+---------------------------------------+-----------------------------------------------+---------------------------------+
| 4   | Escrow     | 16    | Escrow User (cannot log in) :sup:`1)` | n/a                                           | n/a                             |
+-----+------------+-------+---------------------------------------+-----------------------------------------------+---------------------------------+
| 5   | Alarm      | 32    | n/a                                   | n/a                                           | Extra logging                   |
+-----+------------+-------+---------------------------------------+-----------------------------------------------+---------------------------------+
| 6   | Changepass | 64    | Must change passphrase                | n/a                                           | n/a                             |
+-----+------------+-------+---------------------------------------+-----------------------------------------------+---------------------------------+
| 7   | Active     | 128   | User active (can log in) :sup:`2)`    | n/a                                           | Object active (shows) :sup:`3)` |
+-----+------------+-------+---------------------------------------+-----------------------------------------------+---------------------------------+
| 8   | UG-list    | 256   | Can see relations vault and users     | n/a                                           | n/a                             |
+-----+------------+-------+---------------------------------------+-----------------------------------------------+---------------------------------+
| 9   | Mail       | 512   | n/a                                   | n/a                                           | Is a mail                       |
+-----+------------+-------+---------------------------------------+-----------------------------------------------+---------------------------------+
| 10  | Bad policy | 1024  | n/a                                   | n/a                                           | Violates policy                 |
+-----+------------+-------+---------------------------------------+-----------------------------------------------+---------------------------------+
| 11  | RADIUS     | 2048  | Can administrate RADIUS               | n/a                                           | n/a                             |
+-----+------------+-------+---------------------------------------+-----------------------------------------------+---------------------------------+

.. note::

   | :sup:`1)` Escrow is optional, but affects the entire installation if enabled.
   | :sup:`2)` StoredSafe users are never deleted; instead, users are deactivated to keep the audit history intact.
   | :sup:`3)` Objects are not removed on deletion, simply deactivated, to facilitate a possible undelete (from the console).
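
The following Python sketch is an added example, not StoredSafe code. It decodes a bit-field value using the names and values from the table and separates out set bits that the table marks n/a for the given context, which is a useful sanity check when reviewing stored values. The function names, the context labels (``user``, ``vault``, ``object``) and the sample values are assumptions made for illustration.

```python
# Added example, not StoredSafe code. Bit names and values come from the
# table above; function names and context labels are hypothetical.
BITS = ["Read", "Write", "Admin", "Audit", "Escrow", "Alarm", "Changepass",
        "Active", "UG-list", "Mail", "Bad policy", "RADIUS"]  # index = bit number

# Bits for which the table gives a meaning (anything other than "n/a").
DEFINED = {
    "user": {"Read", "Write", "Admin", "Audit", "Escrow", "Changepass",
             "Active", "UG-list", "RADIUS"},
    "vault": {"Read", "Write", "Admin"},
    "object": {"Alarm", "Active", "Mail", "Bad policy"},
}
KNOWN_MASK = (1 << len(BITS)) - 1  # bits 0..11


def decode(value, context):
    """Return (defined, not_applicable, unknown) for a bit-field value.

    defined        -- names of set bits that have a meaning in this context
    not_applicable -- names of set bits the table marks n/a for this context
    unknown        -- integer holding any set bits above bit 11
    """
    if context not in DEFINED:
        raise ValueError(f"unknown context: {context!r}")
    if not isinstance(value, int) or isinstance(value, bool) or value < 0:
        raise ValueError("value must be a non-negative integer")
    names = [name for bit, name in enumerate(BITS) if value >> bit & 1]
    defined = [n for n in names if n in DEFINED[context]]
    not_applicable = [n for n in names if n not in DEFINED[context]]
    return defined, not_applicable, value & ~KNOWN_MASK


def login_blockers(user_value):
    """Reasons the table gives for a user being unable to log in."""
    defined, _, _ = decode(user_value, "user")
    reasons = []
    if "Active" not in defined:
        reasons.append("deactivated (Active bit clear)")
    if "Escrow" in defined:
        reasons.append("escrow user")
    return reasons


if __name__ == "__main__":
    # Constructed sample values, not taken from a real installation.
    print(decode(135, "user"))    # Read + Write + Admin + Active
    print(decode(11, "vault"))    # Audit has no vault meaning
    print(login_blockers(17))     # Read + Escrow, Active clear
```

A non-empty ``not_applicable`` or non-zero ``unknown`` result indicates a value that does not match the table for that context and is worth investigating.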