Here’s a quick Vault tip for setting up your user groups. If you create a parent group within the Vault called “Vault Users” and then create the necessary child groups that belong to the parent as follows:
- Vault Users
- Team Group A
- Team Group B
- Team Group C
Now only assign the allowed vault to the parent group “Vault Users”. There should be no association of any Vault to any child group. All permissions are handled by the child groups. The parent group “Vault Users” only handles which Vaults are allowed.
By disabling the “Vault Users” group you can disable all users in one step. This is helpful if you want to perform some maintenance or configuration activity that requires users to be locked out of the vault. Make sure your administrators aren’t included in the “Vault Users” group. They should be in a seperate “Vault Admins” group.