Ownership & Roles
Establish Ownership for Accounts and never leave them Orphans
Establish clear-cut ownership for all your passwords. By default, the one who adds a particular password becomes the owner of that password. Unless shared, the owner alone will be able to access the password and no one else will be able to see that password. Thus, access to the sensitive passwords is effectively controlled.
Transfer Ownership when Someone Leaves
In the event of one of the users leaving the organization, you can transfer the secrets owned by that person to some other administrator. The provision for transfer of ownership also comes in handy when one administrator adds all the secrets to Zoho Vault and later allots them to other users based on their job profile.
Acquire Secrets when Someone Leaves on Bad Terms
When someone leaves your organization on bad terms, transfer ownership simply does not work. In such situations, super-admin can acquire the 'Enterprise' type secrets owned by that user. This facility can be availed through a simple setting which basically introduces a change to the encryption of secrets. All enterprise secrets will be encrypted using the org key, instead of user's passphrase.
Assign Roles for Access Controls
Assign roles to your users and establish fine-grained access controls. Zoho Vault comes with three pre-defined roles - Super Admin, Admin and User. The administrator of the organization is designated as 'Super Admin', who will have the privilege to invite other users to join Zoho Vault and also make any user as 'Admin'. These privileges are exclusive to 'Super Admin'. Users designated as 'Admins' can serve as the administrator for Zoho Vault and carry out all admin operations listed under "Admin" tab, approve secret sharing requests from users and define password policy for the organization. Those with the role "Users" will not be able to perform the admin operations.