As an admin I can audit passwords that are not shared with anyone

admin
groups
#1

Q1. What is the problem that you are trying to solve?
This is to protect from a scenario like this: Employee adds a critical company credential. Perhaps they even share it with some relevant groups. Employee leaves the company, remove the permissions, there is no way for us to access their account and change ownership of passwords. I don’t see an easy way to identify non-personal passwords that a user added but didn’t change the ownership to the proper user/group.

Q2 - Who is impacted?
Administrator that manage user coming and leaving their org.

Q3 - Why is it important and/or urgent?
It can create security issues in the sense that password availability can be reduced by a rogue or careless employee.

Q4 - What is your proposed solution? (optional)
To prevent this I would like to periodically run an “audit” and request those users that retained ownership of non-personal passwords to relinquish ownership to a designated owners “group”. Perhaps this could also be managed through a checkbox or tag when creating a new password: “Personal”, and if it is NOT marked personal, the owner is automatically (and mandatory) set to a particular group, and the creating user is ONLY added as a “can change” credential.

ref. https://github.com/passbolt/passbolt_api/issues/110

Q5 - Community poll
What does the community think about this? Let’s vote!

  • Must have: this is critical for me to have this
  • Should have: this is important for me to have this
  • Could have: this could be nice to have
  • Won’t have: we should not schedule this (explain why)

0 voters

0 Likes

#2

any update on this, we are reviewing passbolt and feel this is a limitation. We would like an auto share feature which I guess gives the same result. We don’t want user x to create a password for client y and then go on holiday and we have a problem and we cannot access the passwords for the client.

0 Likes

#3

@SteveDrakey we have not started working on this yet, but it is still on our radar.

0 Likes