Usage Comments
Share KeePass Passwords with your Team of multiple users
(Available with Enterprise+)
Usage Comments can now be configured on folders and entries. A Usage Comment opens a simple entry window asking the user to comment and explain the reason for the change being made.
Usage Comment
When a Comment Trigger is activated, a pop-up appears requiring the user to enter and submit a comment, prior to completing their desired action. In the event they do not enter a comment and cancel, they will not be allowed to continue with their action.
These Comments are logged and can be reviewed by administrators.
Configuration Steps
- Comment Triggers - must be created, to define when comments are required. (Under Advanced > Comment Triggers)
- Comment Requirements - can be set on Folders or Entry via the "Folder Actions" menu and the Entry "Action" Menu. The are configured in the same fashion as for Notifications or Security.
Comment Triggers
Required Comments (RC) use configurable and reusable Triggers to activate on set actions, much like Security Access Levels and Notifications. However, they are intended for common user actions and you will see fewer actions to trigger on.
For each action set as true on a Trigger, as long as that trigger it used in a configured Required Comment, the configured Users/Roles will be prompted with a Comment window every time they carry out one of the actions.
Create or Edit Comment Triggers by accessing:
- Main Navigation bar > Advanced tab > Comment Triggers
Anything marked true under the column 'RC' indicates the action will trigger a Required Comment when used on a Entry/Folder with Require Comment Setup.
Explaining the Differences
Triggers vs. Access Levels: Comment Triggers are independent of the Access Levels. Although they look similar and have similar fields, the Access Levels are used to control a User or Role's ability to access different portions of the Password Server. The Comment Triggers are used to activate when a defined User or Role exercises one of their available Access Levels. In the event that a Trigger is set for an Access Level that is not granted to the Triggering User or Role, no Comments will be generated.
Comments vs. Notifications: While Notifications inform the recipient(s) of User activity through the set Access levels combinations, Comments are intended to be used as an indication to 'Why' the user made the specific action. This indication is done by the text the user will enter into the Comment Box that will pop-up. Although the Notification Triggers and Comment Triggers look nearly identical, they have separate purposes.
Comments within Notifications: In the scenario that a user action triggers both a Comment and a Notification, the notification email will also include the comments within it.
Configuring a Usage Comment
Once at least one Comment Trigger has been created, it is possible then to configure a Required Usage Comment.
1. Select "Comment Requirements" for a folder or Entry
2. You will be prompted with a configuration window.
3. At the bottom you can select to "Add Comment Requirement", and you will be capable of configuring three areas:
- Comment Trigger: You can select a single Comment Trigger to use for determining which actions will cause a window prompt.
- Triggering Roles: The user Roles that will be prompted with the comment window. Any User that has any of the Roles configured as a Primary Role or Sub-Role will be prompted.
- Triggering Users: The Users that will be prompted with the comment window. This field is used more for setting specific users rather than a general blanketing configuration as with a Triggering Role.
After Configuring a Required Usage Comment, it will be displayed in the table. Below is an example with the configuration menu open.
Triggering on Folders
Adding a Required Comment to a folder will also activate on all the sub folders.
Note: Be careful when adding Required Comments to Root Folders, because many Comments could be triggered!
Example: There exists a Sub-Folder "Common" under the "Root" Folder (Root > Common).
- The Administrator adds a required comment to Root.
- User John adds an Entry to the Root Folder --> this triggers the Comment Window.
- User John adds an Entry to the Common Folder --> this triggers the same required Comment, and the Comment Window will pop-up.