{"id":48,"date":"2026-03-22T12:26:59","date_gmt":"2026-03-22T12:26:59","guid":{"rendered":"https:\/\/overlaps.co.uk\/docs\/?page_id=48"},"modified":"2026-04-01T15:21:22","modified_gmt":"2026-04-01T14:21:22","slug":"authorisation","status":"publish","type":"page","link":"https:\/\/overlaps.co.uk\/docs\/overlaps-documentation\/user-interface\/authorisation\/","title":{"rendered":"Authorisation"},"content":{"rendered":"\n

If you have configured an email server (see Email Server Configuration<\/a>) then you will have the ability to restrict user\u2019s permissions so that they require manual authorisation to read and\/or expire a computer\u2019s password in a given Organisational Unit.<\/p>\n\n\n\n

This is configured through the Permissions screen in the Config page (Container Permissions<\/a>), or by the per-User\/Group Self-Service settings (Self Service Settings<\/a>).<\/p>\n\n\n\n

If a user requires authorisation for an action, they will be prompted to provide their justification. This will then create an Authorisation Request which is emailed to any named Authorisers for that particular OU. Any one of these authorisers can then Authorise or Deny the request (optionally providing their reasoning).<\/p>\n\n\n\n

\"Pending
Pending Authorisation Requests<\/figcaption><\/figure>\n\n\n\n

Authorisation Page Sections<\/h2>\n\n\n\n

The Authorisation page is split into three sections (only one of which are available to non-authorisers):<\/p>\n\n\n\n

My Requests<\/h3>\n\n\n\n

Shows a list of Authorisation Requests for the currently logged in user and their status. Once authorisation has been granted, the user can click the hostname to directly access the password from this screen (without having to browse to or search for the computer again). They can also click the justification link to see the current status of the request and what responses (if any) have been given.<\/p>\n\n\n\n

Pending Requests<\/h3>\n\n\n\n

Lists any pending Authorisation Requests which the currently logged in user has permission to authorise or deny.<\/p>\n\n\n\n

Clicking the hostname<\/strong> of a computer will allow you to authorise or deny individual requests, or you can select multiple requests and click the Authorise\/Deny Selected Requests<\/strong> button to process them in bulk.<\/p>\n\n\n\n

Clicking the Read<\/strong> link under Justification will allow you to see that request\u2019s justification (if any was provided).<\/p>\n\n\n\n

Once a request has been authorised or denied, it cannot be changed. To cancel a request which was authorised erroneously you must instead delete it<\/strong>, this can be done from the Historical Requests section.<\/p>\n\n\n\n

Historical Requests<\/h3>\n\n\n\n

Shows a list of old requests which were either authorised or denied. Authorisation Requests are deleted periodically according to your settings (see Settings -> Security<\/a>). If you need information about an old request which has been deleted, you should consult the History page.<\/p>\n\n\n\n

Requesting Permission to Access a Password<\/h2>\n\n\n\n

If a user requires authorisation to view the passwords for the computers in the current Organizational Unit, then when they click to view one of those passwords, instead of immediately seeing the password, they will instead be prompted to request access.<\/p>\n\n\n\n

\"Prompt
Prompt to request Authorisation to view this computer’s password<\/figcaption><\/figure>\n\n\n\n

Users are given the option to provide additional justification for accessing this password. This is not required but is recommended for auditing purposes.<\/p>\n\n\n\n

Once the request has been made, any user or users who have Authoriser permission to this Organizational unit will be emailed to notify them that there is a request that requires their attention. They can then login to OVERLAPS and choose to Authorise or Deny the request.<\/p>\n\n\n\n

Users who require authorisation to view passwords cannot make use of the bulk \u201cDisplay Passwords\u201d feature to view all of the passwords in that container and must instead retrieve the passwords one at a time.<\/p>\n\n\n\n

\"Authorise
Authorise or Deny a Request<\/figcaption><\/figure>\n\n\n\n

Once a request has been authorised or denied, the Requester will be notified by email and only then will, if the request was authorised, be able to read the password.<\/p>\n\n\n\n

Authorisation Request Expiry<\/h2>\n\n\n\n

By default, as soon as a user who has received authorisation views the target computer\u2019s password, that request is then automatically expired. This means that if they attempt to view the password again, they will need to send another request.<\/p>\n\n\n\n

In the Security section of the site settings (see Security<\/a>), you can change this so that an authorised Authorisation Request will stay active for a given number of minutes after it is first accessed. This allows a certain amount of grace time in case the user forgets the password or needs it again very soon afterwards.<\/p>\n\n\n\n

Justification<\/h2>\n\n\n\n
\"Requiring
Requiring Justification<\/figcaption><\/figure>\n\n\n\n

If, instead of authorisation, the user is configured to have to provide Justification before viewing a password, they will be presented with this dialog so that they can log why they are accessing it. This information is written to the History Log.<\/p>\n","protected":false},"excerpt":{"rendered":"

If you have configured an email server (see Email Server Configuration) then you will have the ability to restrict user\u2019s permissions so that they require manual authorisation to read and\/or expire a computer\u2019s password in a given Organisational Unit. This is configured through the Permissions screen in the Config page (Container Permissions), or by the […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":40,"menu_order":400,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-48","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/pages\/48","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/comments?post=48"}],"version-history":[{"count":2,"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/pages\/48\/revisions"}],"predecessor-version":[{"id":366,"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/pages\/48\/revisions\/366"}],"up":[{"embeddable":true,"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/pages\/40"}],"wp:attachment":[{"href":"https:\/\/overlaps.co.uk\/docs\/wp-json\/wp\/v2\/media?parent=48"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}