Skip to end of banner
Go to start of banner

Secret permission matrix

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Both the Hide If and Show If macros for Visibility feature the Label parameter. The following is a complete matrix of behaviors when using the Label parameter.

This may help users who prefer using labels with a dash "-" prefix (e.g. "-review") and how the Label parameter behaves when it encounters such labels.

View permission is required to view the content of the space. This permission is required for all the actions in the table below.

Action

Secret User

Secret Owner

Space Permissions

Notes

Create secret

N/A

N/A

  • Add checked under Pages and whiteboards.

  • Add/Delete checked under Restrictions or Admin checked under Space.

 N/A

Decrypt secret

 

 N/A

Edit secret

  • Add checked under Pages and whiteboards.

  • Add/Delete checked under Restrictions or Admin checked under Space.

  • Editing a secret means editing the page, followed by editing the secret macro.

  • The following values of the Secret are allowed to be updated:

    • Title

    • Description

    • Secret

    • Users

    • User Groups

    • User Owners

    • Group Owners

Change secret owner

  • Add checked under Pages and whiteboards.

  • Add/Delete checked under Restrictions or Admin checked under Space.

  • Changing secret owner requires the ability to edit the secret, similar access is required.

Delete secret

  • ⚠️ Deleting secrets require Delete under Pages and whiteboards checked. (The check for this permission happens in the background, if the permission check fails, it will not display any error messages)

  • ⚠️ Space admins without secret ownership could also delete secrets, but I don’t think we are catering for this use-case anymore, especially with the introduction of Read-Restricted secrets.

Restore or purge deleted Secrets

N/A

N/A

  • Admin checked under Space.

 N/A

Bulk upgrade secret

  • Add checked under Pages and whiteboards.

  • Add/Delete checked under Restrictions or Admin checked under Space.

 N/A

View secret list

N/A

N/A

  • Anyone with View checked under All.

 N/A

Secret administration

N/A

N/A

  • Admin checked under Space.

This includes the following tabs:

  • Audit Logs

  • Insights

  • Server Migration

  • Owner Restrictions

Migrate secrets

N/A

N/A

  • site-admins or org-admins group is required to perform the CCMA migration.

  • Admin checked under Space is required to perform the “Secret Transformation” action on the Server Migration tab.

 N/A

  • No labels