IsmoLehtiniemi
Level 5
Status: New
Currently, access to specific credentials can be restricted by machines, processes & user roles. This leaves a security risk, especially in Development environments, which potentially allows stealing personal credentials.

This could be fixed by adding a new option to the Credential Manager, which would allow selecting specific user(s) who can access the credential.

Another option would be allowing creation of user roles, which could be linked to an AD user's SID. Currently only AD Group SIDs can be linked to a user role, and companies are not generally happy to create user-specific "dummy" AD groups.
3 Comments
HarshitRawat
Level 8
I believe you would have to put your trust in developers working on the solution 🙂

There was a similar idea posted earlier highlighting that if you concatenate a password data item with a text data item, you can get the password in plain text.
IsmoLehtiniemi
Level 5
When one needs to ensure comprehensive security for global automation environments & operations, "trust" is not a valid security policy. 

The fact that a password can be converted to plain text would not be a problem, if one could access only one's own personal + shared credentials.

Right now it takes only one compromised user account (robot or developer), and all credentials linked for the applicable user role(s) are ready for grabbing.

Traditionally the PROD Credential Manager contains AD account credentials for the robot users to be able to use Login Agent, which potentially compromises the whole company's IT security.
AndrewPascal
Level 5
Agree with Ismo - at the moment, this is a gaping security hole.