Solved

Enhancing security of emergency local user

  • 15 February 2023
  • 1 reply
  • 30 views

Badge

Hi,

 

Our security department requesting the following:

  1. Create emergency user with admin role (local)
  2. blocking any other admin from changing password/edit roles for this specific local user.

The idea is to cover a scenario where an admin user has been hacked, the hacker wont be able to change anything or even see the emergency user.

We did it with the user`s associated entities but it`s creating another issue - after granular deselecting the Emergency user from the User Group of our admins, any new users that been created are not shown to admins. We have to login with the emergency user and edit associate permissions to add those new users. There is no way to say “All users except specific user”

 

The question is if there is any workflow or built-in mechanism for emergency users so no other user will be able to reset its password, except the emergency user itself.

I`d appreciate your assistance

icon

Best answer by Amey Karandikar 15 February 2023, 12:42

View original

1 reply

Userlevel 3
Badge +6

There is no readymade built-in mechanism. There is a business logic workflow to check user password complexity. You can use this as a template and change it to verify who is changing the password.

https://cloud.commvault.com/webconsole/softwarestore/#!/136/670/7484

 

Reply