In principle, the administrator has full access to all data in Password Depot. This lies in the nature of things and often is explicitly desired: An administrator should have control over the data in case of an emergency. For example, if an employee leaves their company, it is usually not desirable that their access data is lost as well.
However, every organization has its own policies or requirements. Therefore, Password Depot is flexible to let you decide how you want to access your data.
Consequently, if you do not want your administrators to have access to the data stored in Password Depot, there are several methods you can apply.
Use of a multi-part admin password
The simplest method is to split the master password of the admin account into two or more parts. Thus, when logging in to the server, two or more people have to type their password part. Both (or more) persons remain on the server during work and log off whenever they are finished. This ensures that at no time only one person has control over the data.
Of course, all administrators involved here should also keep their password part in a safe place and hand it over if they leave the company - otherwise, the databases cannot be opened without the full password.
To avoid impeding the work flow during setup, splitting the password into several parts is only recommended after the setup has been completed - and before the databases are filled with "real" data.
Protecting individual entries
You can protect individual entries by defining an access password for them. This entry can then only be viewed by people who have previously entered the correct access password. To protect a specific entry with a second password, right-click on it and select Properties and then the Advanced tab.
Note: the use of a second password must be approved by the administrator.
Similar to individual entries, you have the possibility to protect certain folders with an additional password. In this case, the password of an entry within this folder can be viewed only if the additional password is known.
For this purpose, the administrator must grant the Set second password right to the respective users or groups.
Protecting an entire database
By default, databases on the server are encrypted with the password of the admin account. This means that any database on the server can be opened if the admin password is known.
If you want to protect the contents of a database from being accessed by the super admin, you can encrypt the database, using a different password.
To accomplish this, first define a user who will be responsible for the database in question:
- In the Server Manager, right-click the user and select Properties. In the Roles tab, activate Database administrator.
- Now go to Databases in the Server Manager and click the database in question on the right and select Permissions.
- Now select the user, click Properties and make sure that Grant Admin Rights is enabled.
- Next, select the database in question that you want to protect from being accessed by the super admin and then select Properties.
- Click the Advanced tab and then click Change Settings. Now select Custom Password and enter a new password.
- Finally, you will receive the information that the password has been changed.
The database now remains accessible to all authorized users. However, the super admin can no longer view or manage it without knowing the new custom password.