1. Via PAM one can manage secrets related permissions space from Group/Vault level.
2. Trying to see if Secrets can be managed from Secrets level itself, for example one has User1 and User 2 in a Group A ---that is, If two secrets are in the Group vault. Can one split the permissions based on secret such that User 1 cannot see User 2's secrets and vice versa though in the same group.
Release : 4.1.x