Skip to main content
Question

Permission missing to share access to a new created credential vault

  • July 7, 2026
  • 2 replies
  • 20 views

Forum|alt.badge.img+12

Hi,

what is the best way to allow a user, that created a credential vault, to add further user or groups to this new created vault ?

the user is per default, not allowed to change the security settings of his own vault entry.

the vault should be made available to other user after it has been created ba a restricted user.

the only option I found to achieve this, is to grant the global → change security settings permission on the commcell level.
But this will allow the user to change other objects permissions as well, what is not desired.

(CommCell is running with CV11.40)

rgds

Klaus 

2 replies

Forum|alt.badge.img+17
  • Vaulter
  • July 9, 2026

Hi ​@johanningk ,
 

Based on the current configuration, only the owner of a credential entity can modify its security settings and add users or groups to the Credential Vault entry.

The ability to do this requires the "Change security settings" permission. However, granting this permission at the CommCell level provides broader access than desired.

Only the owner of the credential entity can change its security settings. There is no documented method to delegate just the ability to add users/groups to a credential vault entry without also granting broader "Change security settings" permissions.


The only way to allow a user to add further users or groups to their own credential vault entry is to ensure they are the owner and have "Change security settings" permission. However, as you noted, assigning this permission at the CommCell level is broader than desired, and there is no documented way to scope this permission more granularly for just their own credential vault entry.

Document for ref:
https://documentation.commvault.com/11.44/software/giving_users_permission_to_use_credential_entity_in_credential_vault.html

https://documentation.commvault.com/11.44/software/changing_owner_of_credential_entity.html

 


Forum|alt.badge.img+12
  • Author
  • Explorer
  • July 9, 2026

Ok.
as mentioned I’m currently on 11.40.

If I create a new vault entry, I am NOT allowed to assciate member with a given role to that newly created vault entry.

If this has changed in V11.44, I will probably get there in a couple of month.
The version has just been launched / made available and I’d like to wait at least 3 months, before upgrading ….

But looking at the documentation, the behavior did not really change.

Is there a reason, why a user, that creates a credential vault entry is not automatically the owner of this entry ?
The user is allowed to modify and delete the entry, but not entitled to use update security.

The custom role that is automatically assigned when creating the credential, allows to use and modify credential account.

As a work-around I have to ask a full admin, after I created my own vault entry, to modify the security of the vault to grant other users of my application group access to the vault.

rgds
Klaus