Admin add group admin in Password Safe

albertros

Hi,
When doing a csv export, it is only possible to export entries that one have access to(obviously).

Is there a way (including modifying the SQL database by hand) to add a specific user as group admin of all groups in Password Safe so that this user can export all entries to csv?

In case someone creates a group, and adds people to it -but not the user who normally does the export, we can't export the entries from that group. This can be an issue if e.g. the creator of the group is on holiday.

Understandably, there might be some application-logic that makes this impossible without code changes, but would this be doable inside the database?

Thanks,

/tony

lsw-fabian

Hi @albertros,

I dont think that you could do it afterwards, because that would screw up the security aspect. But maybe @gabriel could correct me if i'm wrong 🙂

However, there is an configuration inside the password safe to add a standard group to new entries.

For example this could be the administrator group - but be aware that users could always remove this afterwards.

gabriel

The implementation of the PW-Safe app in REI3 is based on end-2-end encryption. There is no way to give access to entries that have not been encrypted for somebody else, unless a person with access grants it. Reason being, that somebody needs to be able to read encrypted information, before being able to encrypt it for somebody else.

E2EE is a high security standard which does not allow convenience features that some other encryption schemes can offer. It makes sure that no-one (including admins, software manufacturers & potential attackers) can access data as long as they do not get user credentials, even if they have access to the system or database.

As @lsw-fabian mentioned, there is a setting, where new entries receive a specified group by default (like an admin group); this could help you in the future. However it can be overwritten by the user as it´s still up to the individual to decide who should get access.

As for how to address your issue at the moment: You will need to convenience affected users to grant the desired access. Nobody can make their encrypted data readable, unless they decide that this is what they want.

albertros

Thanks @[deleted] and @[deleted],
That all makes perfect sense. I guessed it might be set up that way.

/tony