Managing Collection Object Rights

Collection object rights determine which management operations users and roles are allowed to perform on collections. These rights apply to the collection as an object itself, such as viewing, modifying, deleting, moving, and creating collections, and are distinct from access levels used to control access to secrets stored in collections.

Collection object rights are part of the Role-Based Access Control (RBAC) model used in Password Vault. Through RBAC, management rights can be assigned to roles and individual users to control administrative access to collections. For more information about the RBAC model, see Role-Based Access Control (RBAC).

Note

Object Rights vs. Permissions


It is important to understand the difference between object rights and permissions:

  • Object Rights control what users can do with the collection itself, such as creating, modifying, deleting, or moving collections.

  • Permissions control access to the secrets stored within the collection, such as View on request, View, or Full edit.

Assigning Object Rights to Users

  1. Select Password Vault > Organization Vault.

  2. Left-click on the collection you want to manage.

  3. Navigate to the OBJECT RIGHTS tab.

  4. In the USERS sub-tab, click Assign User.

  5. Select the users you want to assign and click Save.

  6. Use the checkboxes to grant specific rights (Modify, Delete, Move, Create) to each user.

  7. Click Save and Close to apply the changes.

Assigning Object Rights to Roles

Role-based access control allows you to assign predefined roles to collections instead of managing object rights for each user individually. This approach simplifies rights management, especially in larger organizations with established role hierarchies.


  1. Select Password Vault > Organization Vault.

  2. Left-click on the collection you want to manage.

  3. Navigate to the OBJECT RIGHTS tab.

  4. In the ROLES sub-tab, click Assign Role.

  5. Select the roles you want to assign and click Save.

  6. Use the checkboxes to grant specific rights (Modify, Delete, Move, Create) to each role.

  7. Click Save and Close to apply the changes.

Note

Users inherit object rights from their assigned roles. If a user belongs to multiple roles, they receive the combined rights from all their roles.
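
The combination rule in the note above can be checked during an access review. The following is an added example, not code from the product: it computes each user's effective object rights on one collection and records where each right comes from. The data layout, the role and user names, and the treatment of directly assigned rights as additive to role rights are assumptions.

```python
from collections import defaultdict

# Rights shown as checkboxes on the OBJECT RIGHTS tab.
RIGHTS = ("Modify", "Delete", "Move", "Create")

def effective_rights(user, memberships, role_rights, user_rights):
    """Return {right: sorted list of sources} for one user on one collection."""
    sources = defaultdict(set)
    # Assumption: rights assigned directly to the user add to role rights.
    for right in user_rights.get(user, ()):
        sources[right].add("direct")
    # Rights from every assigned role are combined (set union).
    for role in memberships.get(user, ()):
        for right in role_rights.get(role, ()):
            sources[right].add(f"role:{role}")
    unknown = set(sources) - set(RIGHTS)
    if unknown:
        raise ValueError(f"unknown rights: {sorted(unknown)}")
    return {r: sorted(sources[r]) for r in RIGHTS if r in sources}

def review(memberships, role_rights, user_rights, sensitive=("Delete", "Move")):
    """List (user, right, sources) for sensitive rights, for an access review."""
    findings = []
    for user in sorted(set(memberships) | set(user_rights)):
        eff = effective_rights(user, memberships, role_rights, user_rights)
        for right in sensitive:
            if right in eff:
                findings.append((user, right, eff[right]))
    return findings

# Constructed sample data for one collection (hypothetical names).
ROLE_RIGHTS = {
    "vault-editors": {"Modify"},
    "vault-admins": {"Modify", "Delete", "Move"},
    "helpdesk": {"Create"},
}
MEMBERSHIPS = {
    "alice": ["vault-editors", "helpdesk"],
    "bob": ["vault-editors", "vault-admins"],
    "carol": [],
}
USER_RIGHTS = {"alice": {"Modify"}, "carol": {"Move"}}

if __name__ == "__main__":
    for user, right, src in review(MEMBERSHIPS, ROLE_RIGHTS, USER_RIGHTS):
        print(f"{user}: {right} via {', '.join(src)}")
```

Listing the source of each right shows which role assignment to change when a user holds Delete or Move unexpectedly.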

