Assigning a credential for specific user(s)

IsmoLehtiniemi · ‎11-07-21

Currently the access to specific credentials can be restricted by machines, processes & user roles. This leaves a security risk, especially in Development -environments, which potentially allows stealing personal credentials.

This could be fixed by adding a new option to the Credential Manager, which would allow selecting specific user(s) who can access the credential.

Other option would be allowing creation of user roles, which could be linked to AD user's SID. Currently only AD Group SIDs can be linked to a user role, and companies are not generally happy to create user specific "dummy" AD groups.

HarshitRawat · ‎12-07-21

I believe you would have to put your trust in developers working on the solution 🙂

There was a similar idea posted earlier highlighting that if you concatenate password data item with a text data item , you can get the password in plain text.

IsmoLehtiniemi · ‎12-07-21

When one needs to ensure comprehensive security for global automation environments & operations, "trust" is not a valid security policy.

The fact that a password can be converted to plain text would not be a problem, if one could access only own personal + shared credentials.

Right now it takes only one compromised user account (robot or developer), and all credentials linked for the applicable user role(s) are ready for grabbing.

Traditionally the PROD Credential Manager contains AD account credentials for the robot users to be able to use Login Agent, which potentially compromises the whole company's IT security.

AndrewPascal · ‎03-12-21

Agree with Ismo - at the moment, this is a gaping security hole

SS&C Blue Prism Community

Assigning a credential for specific user(s)

Mini-Patches

Resource PC initialization function

Modular Platform

Enable placing an action on top of a line between ...

Blue Prism Cloud Products Free Trial or License