Can BeyondTrust Password Safe support strict logical segregation between two departments (Network Division and IT Security Division) within the same Password Safe deployment, ensuring no visibility of assets, accounts, users, or sessions across divisions? Component Network Division IT Security Division PAM Admin Network PAM Admin Security PAM Admin Assets Network devices Security infrastructure Accounts Network privileged accounts Security privileged accounts Users Network engineers Security engineers Policies Network-specific Security-specific Reports Network only Security only Configuration Network Only Security Only

Question

Department-Level Segregation - Password Safe Use Case Validation

Forum|Forum|1 month ago
December 14, 2025
2 replies
44 views

+3

AmilaK
Trailblazer

Can BeyondTrust Password Safe support strict logical segregation between two departments (Network Division and IT Security Division) within the same Password Safe deployment, ensuring no visibility of assets, accounts, users, or sessions across divisions?

Component	Network Division	IT Security Division
PAM Admin	Network PAM Admin	Security PAM Admin
Assets	Network devices	Security infrastructure
Accounts	Network privileged accounts	Security privileged accounts
Users	Network engineers	Security engineers
Policies	Network-specific	Security-specific
Reports	Network only	Security only
Configuration	Network Only	Security Only

+4

Pulitros144
Veteran
Forum|Forum|1 month ago
December 15, 2025

@AmilaK Yes, you just need to configure the Smart Rules and Groups to see only what they need and have acess to only the specified features

PS

Like

M

MichaelF
Forum|Forum|14 days ago
January 16, 2026

Other option (more drastic option) is to create multiple organizations with in the main configuration page. This makes everything separate, including UVM appliances, but the backend database can be shared.

Like

Badge Earners

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded