Start a new topic

A credential object which means "my current Windows identity"

Is there a credential which translates to "the user that I am currently logged on to my local machine with"? If not, can there be? I want to share a document full of objects amongst my team, with the credentials pre-populated and saved. Some connections are legitimately using shared credentials (and these are saved in the document), but many of the connections should be logged into as the individual team member's Windows login. I don't want to share a document which hard-codes my Windows login, and I don't necessarily want to mandate that everyone keep a common-named credential in their own personal document (but this is my immediate workaround). I would like to store a credential in the shared document, but for that shared credential to resolve to the current user principal. (Note that I'm not suggesting that you should attempt to extract/store the password for the current principal; just that you should attempt to do the basic Windows/SSPI authentication as the logged-in user...) Hopefully I make it clear enough what I am asking for. (I also note that this forum software is eating my newlines and spacing, so apologies if this comes out as a big wall of unbroken text).


Hi!


we have actually a quite powerful system to make connection sharing easy and secure. The way you setup your credential configuration in your connection is to refer to credentials "by name" and let each user have their own (personal) document open at the same time with a credential using that exact name. You can find out more about that feature here:

https://www.royalapps.com/go/kb-all-teamsharing


Let me know if this helps.


Regards,
Stefan

Storing a connection by name is already the current workaround, as mentioned when I said...


"...and I don't necessarily want to mandate that everyone keep a common-named credential in their own personal document (but this is my immediate workaround)."


The workflow of the by-name credential for any new user of my shared document isn't ideal, which is why I was hoping to avoid it.  Consider...

  1. User A attempts to open a connection with a named credential
  2. User A does not have that credential, nor does shared document
  3. User A is prompted for a credential, can choose to "Create credential object"
  4. User A creates credential object.
  5. By default, credential object is saved in same folder as connection object, so in the shared document (I know you can choose the parent folder, but it's 6 "tabs" down in the dialog, and we're talking new, unfamiliar users, here)
  6. User B opens connection; named credential matches the one User A accidentally created
  7. User B logs on as if User A
  8. No-one is ever prompted for a credentials again, and everyone logs in as User A from now on.

Perhaps what is needed is a per-document option to restrict credential objects being created in a given document?  It would, of course, need to be overridable by the document owner.

Hi,


Thank you for posting the details of your workflow. Off the top of my head I can offer the following solutions:

* to prevent users from accidentally storing their creds in the shared document you can put it on a share where only the doc owner has write permissions.

* alternatively you can leverage the lockdown feature and make the doc read only for the users:

https://content.royalapplications.com/Help/RoyalTS/V5/index.html?tutorials_workingwithlockdowndocument.htm

Note that there may be some restrictions when using lockdown.


* if it's always the same credential a user logs on to all systems, you can also use the Overrides feature to apply the user specific credentials to the connections:

https://www.royalapps.com/blog/new-feature-overrides


Let me know if one of these solutions are helpful.


Regards,
Stefan

Login or Signup to post a comment