User Capabilities and Vault Permission BitsΒΆ

Obtain list of all available capabilities (user) and permission (vaults) bits.

Bit Name Value User capability Vault permission Object
0 Read 1 Can use the system Can read all information in the vault n/a
1 Write 2 Can create vaults Can modify vault content n/a
2 Admin 4 Can add StoredSafe users Can add user (share) and edit vault meta data n/a
3 Audit 8 Can use the audit subsystem n/a n/a
4 Escrow 16 Escrow User (can not login) 1) n/a n/a
5 Alarm 32 n/a n/a Extra logging
6 Changepass 64 Must change passphrase n/a n/a
7 Active 128 User active (can login) 2) n/a Object active (shows) 3)
8 UG-list 256 Can see relations vault and users n/a n/a
9 Mail 512 n/a n/a Is a mail
10 Bad policy 1024 n/a n/a Violates policy
11 RADIUS 2048 Can administrate RADIUS n/a n/a


1) Escrow is optional, but affects entire installation if enabled.
2) StoredSafe users is never deleted, instead users are deactivated to keep audit history intact.
3) Objects are not deleted on deletion, simply de-activated, to facilitate possible un-delete (from console).