As a password owner I can set an expiry date on a user access right for a given resource

Q1. What is the problem that you are trying to solve?
Sometimes it becomes necessary to give a user or group access to a password that they normally do not require (the critical person is on vacation, and someone needs to fill in temporarily). It would be convenient if, when sharing to a user/group, you could set an expiration date (would default to never), at which time the server would automatically remove the permission for the user/group.

Q2 - Who is impacted?
Password owners, group managers.

Q3 - Why is it important and/or urgent?
It will help with productivity when managing a lot of passwords.

Q4 - What is your proposed solution? (optional)

Wouldn’t the user still get that password (as a copy encrypted with user’s key) by email, which defeats the expiration?

My thoughts are that once there are logging/auditing trails in the future, you could query IF a user actually looked at a password.

My thought is, let’s say you had an employee leave the company. You could run an audit report and show me all the passwords that the user accessed (excluding passwords that had not been accessed since they were last changed). Now you would have a list of all the passwords that required changing due to employee turn-over.

The expiration just removes future access from the password. I’m not assuming they actually “looked” at every password that they had access to, only that they COULD if they needed to (i.e., employee B is taking over for employee A, who is on vacation. If they didn’t actually ever have to USE any of the passwords, the audit trail would reflect that, and I can assume the password is still secure).

Ref. https://github.com/passbolt/passbolt_api/issues/114#issuecomment-340838614

Q5. Community support
People can vote for this idea to show traction:

  • :ok_woman: Must have: this is critical for me to have this
  • :raising_hand_woman: Should have: this is important for me to have this
  • :tipping_hand_woman: Could have: this could be nice to have
  • :no_good_woman: Won’t have: we should not schedule this (explain why)

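An added example, not part of the original post and not Passbolt code: the two checks discussed above, the expiry sweep that removes future access and the turnover report that lists passwords a user actually viewed since their last change, run over a constructed share list and access log. The record layout and function names are assumptions.

```python
from datetime import datetime

# Constructed sample data; the record layout is hypothetical, not Passbolt's schema.
SHARES = [  # (resource, user, expires_at, or None for "never")
    ("db-root", "bob", datetime(2024, 7, 15)),
    ("vpn-psk", "bob", datetime(2024, 7, 15)),
    ("wiki-admin", "bob", None),
]
LAST_CHANGED = {  # when each secret was last rotated
    "db-root": datetime(2024, 7, 1),
    "vpn-psk": datetime(2024, 7, 10),
    "wiki-admin": datetime(2024, 6, 1),
}
ACCESS_LOG = [  # (resource, user, time the secret was viewed)
    ("db-root", "bob", datetime(2024, 7, 3)),
    ("vpn-psk", "bob", datetime(2024, 7, 5)),   # viewed before the 10 July change
    ("db-root", "alice", datetime(2024, 7, 4)),
]

def expired_shares(shares, now):
    """Shares whose expiry date has passed; these are the permissions to revoke."""
    return [(res, user) for res, user, exp in shares
            if exp is not None and exp <= now]

def needs_rotation(user, access_log, last_changed):
    """Resources the user viewed at or after the secret's last change.

    Revoking a share only removes future access, so a secret viewed while
    the share was live still has to be changed when the user leaves.
    """
    hits = {res for res, who, seen in access_log
            if who == user and seen >= last_changed[res]}
    return sorted(hits)

if __name__ == "__main__":
    print(expired_shares(SHARES, datetime(2024, 7, 16)))
    print(needs_rotation("bob", ACCESS_LOG, LAST_CHANGED))
```

Shares with no expiry are never swept, matching the "default to never" behaviour requested in Q1.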