Credentials in shared database

[abailey]

We have just rolled out patch 2 of ASG-RemoteDesktop 2015.

It was originally set it up in a test environment using only SA (SQL admin) credentials. In the test environment Connections and Credentials were created.

When the program went live on a production server the connections/credentials were exported and then imported again. This was done originally in the SA account. The software import counters looked normal (matched the number of records imported) and there we no errors.
On the production server, if logged in as SA the credentials have still carried over. However, We have also enabled Windows authentication, based on a single AD group – these users/the group are also an administrator, the same level as the SA account.
However, when we log in an AD account, the credentials don’t show up, only the remote connections. If I try and import the connections and credentials again under AD account (with admin access), it doesn’t even give an option to import credentials.
I can’t even create a new group credentials under an AD account, only the SA account. The credentials group also has no ‘security’ properties to change (when logged in as SA and it is visible)
I’ve done some searching on the forums and believe it is a feature but there was a bug in earlier versions preventing this. But the fact I can’t even make new credentials makes be believe it could be an intentional security feature of the software.

I just want some clarification if I can have shared credentials beyond just the SA account, and if so how.

[DevOma]

Ok, you created credentials with your first account - I think they are all marked as "private" - so these objects are only visible for the account that has created them - you can convert these credentials to public with the account that has created them.

Scurity - if you have Security/Permissions enabled (Tools=>Options=>Permissiions) you can set permissions on each folder level - goto any object, goto Properties dialog and switch to Security in tree view - the default is that the values wlll be inherited from parent folder - you can choose at the top of the dialog how you want to use each Properties category - switch to "Default Values" to edit your values - there you can add groups with special permissions...

Hope that helps - else you can ask again :-)

[abailey]

Hi,
Just had a look at the original database.
Public/Private is greyed out.

As mentioned.. I can see credentials as SA account, but never when logged in as an AD user. Is this on purpose?

[DevOma]

No

Private credentials can only be accessed by the creator - you can choose private/public when creating new items - after that only private objects can be converterd to public.

I will try to reproduce by creating some public creds, export and re-import in another database...

[DevOma]

It's working like it should :-)

Do you have Permissions activated? Tools=>Settings=>Permissions???

If so, the users must be granted to see objects in the navigation tree

[abailey]

Permissions active. Everything else imported across minus the credentials.

[DevOma]

Did you check if your credentials are marked as "Private"? Did you check if your AD-Users have valid permissions to see sub objects under credentials? I can only explain you how it works - and I can reproduce what you are telling me - but everything works as expected - so there must be any wrong configuration or you found a new bug...

[abailey]

Hi,
Test install was created with just SA, then exported.
New install SA can see everything imported
AD users can see all connections, but no creditials.
On the original install Private/Public are greyed out. with no 'security' options (groups, users etc.)
Same with the new install under SA account.

[DevOma]

I have to ask again - is are the Credentials marked as private or public. Greyed out was not the question...

[abailey]

Creds were marks as Private.. but unable to change

Looks like this is by design.

[DevOma]

No - the user who has created private objects should be able to convert it to public - so we're coming closer to the problem :-)

There is a permission setting for "converting private to public" - but if you are logged in as Administrator (your user is in the Administrator group) or you have Permissions deactivated this option should be available - else you have to add this permission setting. (Global setting in the details of a security group)

Or another reason could be that the folder in which the credentials are is also marked as private - In a private folder it is not possible to store public credentials (make no sense - nobody else could see) - can you check this too? Perhaps you only need to convert the folder first to public? The question would be why the folder is marked as pruivate? Did you configure it in your initial install of the db as private or is it imported wrong???

[abailey]

Hi,
I've just tried this.. The credentials 'folder' is indeed set to private.. but it is greyed out.
How an I change it to public?

[DevOma]

Ok, now we got it - seems to be a bug

If I create a private folder, save it, open again it is possible to convert this folder to public - but if I add credentials to it (also private) the private/public option is greyed out - I have to check that and will fix it for the next patch...

[DevOma]

Workaround idea is that you create a new cred folder (public) - move your private credentials to that new folder - now you should be able to convert your credentials to public - else you have to wait for the next patch (planned for the next 2 weeks)

[abailey]

Hi,
When I right click the left pane I only get options for new Folder or Ext Application.
In either the AD admin accounts or SA account.

[DevOma]

You have to select the right object first - if you click on "Credentals" - and then right click you should be able to create Folder or Credentials - if you click "Connections" you should be able to create a new Folder or Connection and so on...

[abailey]

Hi,
I can only create a single new credential. Not a new credentials folder.
Is this correct?

[DevOma]

No

As Administrator you should be able to do everything - on Credentials root object you should be able to create Folder and Credentials - on Connections-root => Folder and Connection and on Ext.Ap-root => Folder and Ext.App.

Is it not in the New menu? Is it disabled? Are you looged in as member of the Administrator group?

[abailey]

Hi,
All of the above, except there are only new 'folder' and new 'ext app' options.

[DevOma]

It depends on what you have selected in the navigation tree view - you have created some objects in an initial environment - can't be that this is not possible in a new environment - I never heard such problems

Could you create a new environment and add there objects? Is it really a problem with your current environment? I would really like to help... but at the moment I can't comprehend what are you doing