Hello,
We use CE of passbolt and we want to disable personnal password in the workspace.
We saw RBAC “Can see users workspace” and denied it for users but they are still able to create personnal pasword.
Best regards.
1 Like
G’day KVUMFocAi9,
Two things are at play here.
The “Can see users workspace” row does something different
That RBAC control maps to the Users workspace (the people-management tab where admins list and manage user accounts), not the passwords workspace. Denying it hides that tab for non-admin users. It has no effect on creating or viewing passwords.
There is no setting to block personal password creation
passbolt does not have an RBAC action, or any other configuration, to prevent users from creating their own passwords. The full set of controllable RBAC actions covers things like import/export, secrets preview and copy, sharing, folders, tags, and mobile/desktop transfer. Creating a resource is not in that list and cannot currently be restricted.
A password that a user creates and does not share is simply un-shared. There is no separate “personal password” class with its own controls.
If the goal is to keep everything centrally managed, the practical options today are organisational rather than technical: shared folders and groups for all team secrets, RBAC restrictions on import and export to limit how data enters and leaves passbolt, and policy guidance to users. Let me know what you are trying to achieve and I might be able to suggest an approach.
Cheers
Gareth