Safes that are created in the PVWA are based on properties specified in a Safe Template. Users who have the Manage Safe permission in the Safe can modify some of the Safe properties that can be updated in the PVWA. This section describes the properties that can be changed in the PrivateArk Administrative Client. The tasks described In this section are for advanced management and configuration, and are rarely used.
When you create a Safe, you determine how the files in it will be stored, accessed, and categorized. At any time after a Safe has been created, you can modify the Safe property settings.
Different configurations influence the way you can work with the Safe. For example, you can configure a Safe for Sharing, which mean that it can be accessed through a variety of applications through the Password Vault Web Access.
A new Safe is defined in the New Safe window. The first tab is mandatory, although every other tab contains default settings which you can accept as your own.
In the PrivateArk Client, logon to a Vault.
From the File menu, select New, then Safe; the New Safe window appears.
In the General tab, specify the name of the Password Safe and any other relevant details.
If the passwords in the Safe will be managed by the CPM, display the Preferences tab and make sure that Retrieved is selected.
This will enable the Safe Owners to track password activity at a glance, and specifically, will enable the CPM user to identify passwords that are marked as OneTimePasswords and have been added or retrieved.
In the Restrictions tab, you can determine the hours during which a Safe can be accessed, by selecting one of the following:
All Hours – Safes can be accessed at any time.
From – Safes can only be accessed between the specified hours.
You can also determine whether or not there will be a delay between when a Safe is opened and when it can be accessed. Specify the length of the delay in minutes.
In the File Categories tab, check that Use File Categories is selected. This enables you to use password properties.
If the passwords in this Safe will be managed by the CPM, this option is required for the CPM user to identify passwords.
To create or add new account properties, refer to Define custom account properties.
In the Sharing tab, select Share this Safe, and then select one of the following options, depending on the type of authentication you specified during Password Vault Web Access installation:
Enable access to fully impersonated users
Enable access to impersonated users with additional Server authentication.
From the Gateway Account drop-down list, select the Gateway Account group that was created as part of the Password Vault installation, then click Add; the Gateway Account group name is added to the list of Accounts that the Safe is shared with.
In the other tabs, specify additional Safe properties.
Click OK; the new Safe is now ready to store passwords in it, and can also be accessed by authorized users through the Password Vault Web Access.
Update Safe properties
If you have the Manage Safe authorization, you can modify the properties of an existing Safe.
Open the Safe, then from the Safe menu, select Properties; the Properties for Safe window appears.
This window is similar to the New Safe window, except that the Safe name cannot be changed. You can modify all the properties in the different tabs as described above, except for those in the Encryption tab.
You can rename an existing Safe. This doesn't affect the contents of the Safe in any way.
A Safe can be renamed even though other users might have files in the workspace. However, when the user logs on or off from the PrivateArk Client, a message box will appear to tell him that the files cannot be returned to the Safe, and to enable him to save the files in a new location.
|Open the door of the Safe to rename, but remain in the Safe view.
|From the File menu, select Rename; the name of the Safe appears within a white text box for you to change.
|Type the new name of the Safe, then press Enter.
The Safe and its files can be deleted from a Vault. However, you can only do this after the version retention period has expired for all files.
You cannot recover a deleted Safe, so make sure that you will not need any passwords or files that are stored in it.
Select the Safe to delete, then from the File menu, select Delete; the Safe and all its contents is deleted.
For more information about Safe ownership, refer to Safe Members.
After you log onto the Vault, the Safes that you are authorized to access appear in the Working Area. You are a Safe Owner of these Safes.
Safe Owners are users who have the authority to enter the Safe and work with passwords and files in the Safe or make changes to the Safe itself. Authorizations may vary according to the settings of each Safe Owner. For a complete list of Safe Owner rights, refer to Safe Members.
A Safe Filter box enables the user to filter ‘his’ Safes and display a group of Safes, rather than all of them at the same time. The filter box displays all the locations that the user has access to, in addition to locations that contain Safes which the user owns. By selecting a location, the user can view the Safes in that location and its sublocations.
To begin working with the files in the Safe, open the Safe and then enter to display the files inside.
|Logon to a Vault. The available Safes are displayed in the Working Area.
|Select a Safe, then from the Safe menu, select Open and Step Into,
Double-click the Safe to open.
The contents of the Safe are displayed in the working area.
There are some advanced users who may wish to remain at the “Safe level”. By opening the Safe, but still remaining outside the Safe itself— you can update the Safe properties (e.g., size of the Safe) and perform other administrative tasks.
|Click on a Safe, then from the Safe menu, select Open . The Safe is opened, but you remain outside the Safe itself.
You can configure your PrivateArk Client to open the Safe, but not to display the contents of the Safe.
|From the Tools menu, select Options; the Options window appears.
|In the General tab, clear ‘Display Safe contents on double-click/Enter’, then click OK.
Display Safes by location
The Safes you own are displayed automatically when you log onto the Vault. The Safe Filter enables you to display Safes that have been created under a specific location, and therefore reduces the number of Safes that appear on your screen.
From the Safe Filter drop-down list, select the location where the Safes you want to display were created; the Safes created in that location appear in the Safe view.
You might not have the authority to open a particularly secure Safe until you receive “clearance” from one or more of the Safe’s Owners. The Requests icons on the side of your screen will indicate when clearance has been requested, and when you have permission to enter the Safe.
For more information, refer to Dual Control
Another security feature prevents Safes from being opened except at certain times (e.g., 8 a.m. to 5 p.m.). If you try to enter at a time that has not been designated for access, you will receive a message that informs you that the Safe is unavailable.
When you close a Safe, all retrieved files that are in the PrivateArk Workspace are returned automatically to the Safe. It is important to close the Safe after you’ve finished working with your files to prevent them from being left outside the Vault where they are not secure. Files that are in use by another application cannot be returned until they are closed.
From the Safe menu, select Close; all retrieved files are returned to the Safe and the Safe is closed.
If any files are in use by another application, a message box appears to inform you. The message box prompts you to retry returning individual files to the Safe, or to skip them and leave them out of the Safe.
To return files that are in use, toggle to the open file, close it, then click Retry.
To leave the files out of the Safe, click Skip.
Whenever necessary, you can view records of all Safe activity. This includes the activities of all Users or each individual User. The Safe activity window displays the names of the Users who have handled files, when, and for what purpose.
For instance, a manager at a large firm can view the activity of everyone who has opened a Safe or the Safe activity for an individual employee.
The Safe activity window can be displayed whether the Safe is opened or closed.
Select a Safe, then from the Visual Security menu, select Inspect, then Safe Activity,
Select the Safe to inspect, then click Inspect on the toolbar.
Periodically, you need to clear the Safe history to avoid unnecessarily long lists and confusion. Only file versions and Safe history logs that have been held for longer than the time specified in the Safe Properties History window can be deleted.
The PrivateArk Client reminds you to clear expired Safe history on a regular basis when you log on to the Safe, by displaying the following message.
However, your System Administrator can make this action automatic so that expired history is cleared regularly without displaying this message window.
From the Tools menu, select Clear Expired History, then Safe.
Alerts indicate the type of activity that has happened using an account.