All Password Permission Inheritance from OUs
Currently, when a user creates a password he is assigned All Permissions regardless of what permissions he has on the OU.
So if a user has Read/Add permissions on an OU, he gets All permissions on the passwords he creates under the same OU.
This is a security risk, because an upset user can delete all passwords he created before he leaves !
Ahmed shared this idea