Release 2.1.4 of TeamPass will be delivered the 29-FEB-2012.
Many corrections have been done and one big change will impact your today usage of the tool. Indeed the ”Administrator” profile has changes and is now a technical profile which has not the right to see Items. This choice has been motivated due to the fact that Administrator could have access to “sensitive” Items existing in the database. So now Administrator profile is associated to real administrative tasks such as managing Folders, Roles and Users.
So if you were using your Administrator account to navigate through Items, it is now necessary to create a new account for your “day usage” of the Tool. Please follow instruction page.
What are the changes done on this release.
- Corrections: SF237 , SF240 , SF243 , #29, #25, #32 , #36 , #37 , #39 , #40 , SF257 , SF259 , SF239 , #41 , #40
- SF231: How to Restrict Admin from Viewing items
- #31: new setting option for dynamic list
- #27: new subfolders only associated to the same roles as the parent folder
- #33: folder management in items page
- Changing SALT key from admin pages
For any bug detection, please use Github
Release 2.1.5 is out!
You can download 2.1.5 which is in fact a patch in order to disable the new Administrator Profile.
If you want to keep the old way of “Administrator profile”, you should do as this:
- open include.php file (in folder Includes)
- change value for constant $k['admin_full_right'] to FALSE
From TeamPass 2.1.4, the profile “Administrator” has changed. This profile is now changed into a pure technical profile will permits to administrate TeamPass’s installation. With this strategy, Administrator users will no more be able to reach shared items.
The reasons of this strategic change is that actually Administrator profile could have access to mainly all folders and items (unless the author had restricted it access). This could make Administrators allowed to access too much items.
With this new strategy, the Administrator account should now only be reserved to technical aspects such as preparing tree structure, creating the roles and manage users rights.
How to handle it on your actual installation?
If you actual are using such a profile to access Items, it is mandatory to follow the new steps:
- open Users Management page
- rename your previous admin account (for example: ‘admin’ becomes ‘my_name’)
- create a new user called ‘admin’
- associate ‘Administrator’ profile to this new user
- close your actual session
- open new session with new ‘admin’ user
- open Users Management page
- disable ‘Administrator’ profile for user ‘my_name’
- associate to user ‘my_name’ the roles he/she should have
This will permit to transfer all your previous rights and items on this new user.
In TeamPass, a single user can be either an Administrator, a Manager or a simple User.
This attribute gives the highest level of rights to a User.
The Administrator attribute permits the User to:
- access to all pages of cPassMan;
- define and manage Folders, Roles and Users;
- customize and set the cPassMan settings;
- access to all items except those that are personal to Users and those that are restricted to specific Roles.
Administrator attribute has to be reserved to IT representatives or similar.
Set at least 2 Users with this attribute in order to ensure a certain level of security.
This attribute is more an organisational attribute given to a specific User.
With this attribute, a Manager can manage the:
- Roles of the set of Users,
- Allowed/Forbidden Folders of the set of Users.
The Manager can only act on a set of Users made of all the Users that are associated to the same Roles as the Manager.
For example, if a Manager is associated to Roles R1 and R2, then he/she can interact on all the Users that are also associated to R1 and R2.
This attribute will permit to define Managers for team leaders, customer leaders, etc.
Notice that a Manager don’t have any possibilities to:
- modify the cPassMan settings;
- see Items he/she is not allowed too.
Read only privilege is introduced since version 2.0.
When Users are “read-only”, they can not create, update or delete any item. They can only read the items they are allowed to.
Nevertheless, they have a free access to their Personal Folders (if this option is enabled by Administrator).
This is not a specific attribute. All accounts created in cPassMan are called Users.
This page permits to define and manage the Users of the tool.
Each User is associated to:
- Roles: this define the Folders the User can access;
- Allowed Folders: add more Folders the User can access to (over-class the Roles definition);
- Forbidden Folders: restrict to more Folders the User has access to (over-class the Roles definition).
Administrators can manage all other Users.
Managers can manage all the Users associated to the Roles the Manager has. Managers can’t modify their own account or Administrators accounts.
In this page, the Administrator or Manager can:
- Create a new User;
- Reset User’s email and password;
- Lock a User (User can’t any more get logged);
- Delete a User.
This page permits to define and manage the Roles for Users.
Use the matrix for Roles definition
A Role is associated to a list of allowed Folders. That means that a user that has a specific Role will have an access to this list.
A User can be associated to several Roles. In that case, the User will cumulate all the allowed Folders of all Roles.
This permits a very quick deployment of the tool.
The Roles are set by Administrators.
Defining the allowed or not Folders is done using a specific matrix by clicking on the cell … which makes this step very easy, quick and visual!
This page permits to define and manage Folders in which the Items will be stored.
Define and manage the Folders
Administrator car create, modify or delete Folders. He can also define the minimal complexity level for passwords.
It is possible to define if you authorize a creation or modification with a password complexity level that is not enought complex.
Notice that modification are done inside the table using Ajax without any page reloading.