User Capabilities and Vault Permission BitsΒΆ
Obtain list of all available capabilities (user) and permission (vaults) bits.
| Bit | Name | Value | User capability | Vault permission | Object |
|---|---|---|---|---|---|
| 0 | Read | 1 | Can use the system | Can read all information in the vault | n/a |
| 1 | Write | 2 | Can create vaults | Can modify vault content | n/a |
| 2 | Admin | 4 | Can add StoredSafe users | Can add user (share) and edit vault meta data | n/a |
| 3 | Audit | 8 | Can use the audit subsystem | n/a | n/a |
| 4 | Escrow | 16 | Escrow User (can not login) 1) | n/a | n/a |
| 5 | Alarm | 32 | n/a | n/a | Extra logging |
| 6 | Changepass | 64 | Must change passphrase | n/a | n/a |
| 7 | Active | 128 | User active (can login) 2) | n/a | Object active (shows) 3) |
| 8 | UG-list | 256 | Can see relations vault and users | n/a | n/a |
| 9 | 512 | n/a | n/a | Is a mail | |
| 10 | Bad policy | 1024 | n/a | n/a | Violates policy |
| 11 | RADIUS | 2048 | Can administrate RADIUS | n/a | n/a |
Note
1) Escrow is optional, but affects entire installation if enabled.
2) StoredSafe users is never deleted, instead users are deactivated to keep audit history intact.
3) Objects are not deleted on deletion, simply de-activated, to facilitate possible un-delete (from console).