Unlimited Administration Mode
Overview
Unlimited administration mode is a feature designed to allow an administrator access to all secrets and folders in their Verify Privilege Vault instance without explicit permission. It can be used in an emergency, when access to a secret is needed and no user who has permission is available. Alternatively, it can be used when company policies require administrators to have access to all information in the system.
An unlimited administrator in Verify Privilege Vault has extensive capabilities, including access to all secrets and folders even without explicit permission. Here are some of the key capabilities and associated risks:
Capabilities and Risks
Unlimited admin mode is a double-edged sword and must be carefully managed:
Capabilities
Unlimited administrators have:
- Complete Control: Access to all administrative features without restriction.
- Access to All Secrets: Unlimited administrators can run Verify Privilege Vault in unlimited administrator mode, which grants them access to all secrets and folders.
- Audit and Reporting: Unlimited administrators can generate and view over 90 out-of-the-box reports to monitor privileged access and ensure proper password hygiene.
- Break-the-Glass Capability: This feature is part of the disaster recovery capabilities, allowing emergency access to secrets in critical situations.
- Secret Checkout Override: Unlimited administrators can access secrets even when they are checked out by another user, ensuring accountability and traceability of secret usage.
Risks and Mitigation
Risks
Unlimited admin mode exposes Verify Privilege Vault to:
- Potential for Abuse: With the ability to access all secrets, there is a risk that an unlimited administrator could misuse their privileges, intentionally or accidentally.
- Security Gaps: Without proper monitoring and auditing, the extensive access granted to unlimited administrators could be exploited by bad actors if the administrator's credentials are compromised.
- Insider Threats: An unlimited administrator could potentially become an insider threat if they decide to act maliciously or if their account is taken over by an external attacker.
Mitigation
To mitigate these risks, it is crucial to have robust monitoring, auditing, and alerting mechanisms in place. Verify Privilege Vault provides features such as automatic email alerts for unlimited-administrator-mode access, detailed audit trails, and the ability to require dual control for certain actions to enhance security.
A user with the "Unlimited Administrator" role permission can view and edit all secrets in the system, regardless of permissions, if and only if unlimited administration mode is enabled in the configuration settings. The Unlimited Administrator role permission does not include the right to enable the mode; enabling it requires the Administer Configuration Unlimited Admin role permission. This provides dual control, ensuring no single user can enable unlimited administration mode. Of course, you can bypass this safeguard by simply assigning both role permissions to the same user.
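One way to audit the dual control described above, as an added example that is not the product's own code. Only the two permission names come from this page; the roles, groups, users and dictionary layout are constructed, and inheriting roles through group membership is an assumption.

```python
# Added example: separation-of-duties check for unlimited administration mode.
# Only the two permission names come from the page; roles, groups, users and
# the dictionary layout are constructed for illustration.
USE_PERM = "Unlimited Administrator"
ENABLE_PERM = "Administer Configuration Unlimited Admin"

ROLE_PERMS = {
    "Break-Glass": {USE_PERM},
    "Config Approver": {ENABLE_PERM},
    "Legacy Super Admin": {USE_PERM, ENABLE_PERM},
    "Auditor": set(),
}
GROUP_ROLES = {"Security Ops": {"Config Approver"}}  # assumed group inheritance
USER_ROLES = {"alice": {"Break-Glass"}, "bob": {"Config Approver"},
              "carol": {"Break-Glass"}, "dave": {"Legacy Super Admin"},
              "erin": {"Auditor"}}
USER_GROUPS = {"carol": {"Security Ops"}}


def effective_roles(user, user_roles, user_groups, group_roles):
    """Roles assigned directly plus roles inherited through group membership."""
    roles = set(user_roles.get(user, ()))
    for group in user_groups.get(user, ()):
        roles |= group_roles.get(group, set())
    return roles


def audit_dual_control(role_perms, user_roles, user_groups, group_roles):
    """Classify users by which half of the dual control they hold."""
    report = {"both": {}, "use_only": [], "enable_only": []}
    for user in sorted(set(user_roles) | set(user_groups)):
        roles = effective_roles(user, user_roles, user_groups, group_roles)
        sources = {p: sorted(r for r in roles if p in role_perms.get(r, ()))
                   for p in (USE_PERM, ENABLE_PERM)}
        if sources[USE_PERM] and sources[ENABLE_PERM]:
            report["both"][user] = sources  # one person can enable and use
        elif sources[USE_PERM]:
            report["use_only"].append(user)
        elif sources[ENABLE_PERM]:
            report["enable_only"].append(user)
    return report


if __name__ == "__main__":
    result = audit_dual_control(ROLE_PERMS, USER_ROLES, USER_GROUPS, GROUP_ROLES)
    for user, src in result["both"].items():
        print(f"VIOLATION {user}: {src}")
    print("use only:", result["use_only"], "| enable only:", result["enable_only"])
```

In the constructed data, carol is flagged even though no single role grants her both permissions: one arrives directly and the other through a group, which is the case a per-role review misses.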
Enabling Unlimited Administration Mode
- Ensure you have the Administer Configuration Unlimited Admin permission.
- Click Settings on the main menu and select Configuration Search. The Search Configuration page appears.
- Click the Unlimited Admin link. The Unlimited Admin page appears.
- Click the Edit button.