Add a Safe member

This topic describes how to add a member (user or group) to a Safe and the authorizations a user must have to add Safe members.

Required authorizations to Add Safe members

To add a Safe member, users must have the following authorization in the Vault:



Manage Safe Members

This authorization is given at the Safe level, as part of the Safe member authorizations.

It enables the user to perform the following actions:

  • Add existing Vault users and groups as Safe members in the PVWA

  • Add users in external LDAP directories as Safe members in the PVWA

  • Specify and update Safe permissions

  • Remove a user from a Safe

Add a Safe member

  1. In the Safes list, select the relevant Safe.

  2. In the Safe properties pane, click the Members tab and then click Add Member.

  3. Select the members for this Safe, and then click Next:

    1. Under Source, select from where the users or groups will be retrieved.

    2. Under Member type, select whether the members are users, groups, or both.

    3. Search for specific users and/or groups by entering at least three characters contained in the name of the user or group.

    4. Select the members that you want from the list of results, and click Next.

  4. By default, the member's expiration date is not set. To specify a date when the user's Safe membership should end, click Set next to Membership expiration is set to off, and select a date.

  5. Set the Safe member permissions:

    • Select one of the Permission preset groups or select a custom group of specific permissions.

    • Click Show permissions to view the permissions in a group.

    • Click a group's title check box to select or remove a group of permissions.

    • Click a check box to either select or remove a specific permission

      For detailed information about permissions, see Safe member permissions.

  6. Click Add.

    The user or group is added to the Safe.

For more information about managing users in external directories, see Manage external user accounts. For more information about configuring search parameters for LDAP users and groups, see LDAP directory search parameters.

Safe member permissions

Safe member permissions are grouped according to functionality. When adding a Safe member, you can assign a group of permissions to a Safe member or choose specific permissions within a group.


When you assign permissions to a new Safe member, you can only assign the specific permissions that your user has.

Safe member permissions are separated into the following groups: