How to easily find which passwords have been shared with a distinct individual on behalf of the rest of the users from a passbolt application

In general, I’m investigating how to easily control which passwords must be updated when an employee leaves a company.
Could anybody give me some recommendations?

Hello @Warfolomey, welcome to our community :slightly_smiling_face:

When you talk about “updating passwords”, do you mean updating the passwords that the employee has access to and/or sharing his unshared passwords?

For the action logs, I’d suggest you take a look at this interesting post

For all of his unshared passwords, what I’d recommend is to have a policy where you instruct your users to share all created passwords properly. This is something you’ll have to discuss with your users, as we don’t have a way to do this in our system right now. It could be with a specific group, with individual administrators, through folder permissions, etc.

Hope it helps :wink:

Hi @antony.
I’ll try to clarify:
During their work at the company, an employee may have received some passwords from other coworkers, and when termination time comes these passwords must be changed as a security measure.
So I’m searching for a way to do that.

As of right now, we do not have a way to do that automatically; you’d have to update secrets manually. But you could create a feature request for that, as I don’t see a similar feature request here, so everyone from the community can share their thoughts on this idea.

@antony, is there a way to obtain a list of passwords which a certain user has received from his coworkers over time, instead of clicking every password entity and searching for the username in the “shared with” area?

So I’ve played a bit with MySQL queries and I might have found something that could interest you:

-- Resources the given user holds a secret for but did not create.
SELECT resources.name, users.username
FROM secrets
INNER JOIN users ON users.id = secrets.user_id
INNER JOIN resources ON resources.id = secrets.resource_id
WHERE users.username = 'LEAVING_EMPLOYEE_USERNAME' -- replace with the leaver's username
AND resources.created_by != users.id
ORDER BY resources.name;

I have set up an environment where I have two users (ex-employee and employee):

  • Assuming I am the ex-employee
    • I have 10 passwords that I’ve created, and one of them was shared with another employee (I’ve intentionally shared a password from this account to make sure it will not appear in the result, since the ex-employee is the owner): shared_from_ex_employeed
  • Assuming I am the employee
    • I created one password that is not in a folder: password
    • I created a password that is in a shared folder: password_in_a_folder
    • Both of them are shared with ex-employee

After running the query, I’ve got:

+----------------------+---------------------+
| name                 | username            |
+----------------------+---------------------+
| password             | anakin@passbolt.com |
| password_in_a_folder | anakin@passbolt.com |
+----------------------+---------------------+
2 rows in set (0.001 sec)

So, it should list all the resource names that are shared with a specific user and that have not been created or shared by this user. Is that what you are looking for?
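The query above, run against a constructed in-memory database that mirrors the post's two-user test, as an added example that is not part of the original post or passbolt's own code. It assumes Python's sqlite3 in place of MySQL, models only the columns the query references, passes the username as a bound parameter, and goes one step beyond the post by joining users a second time to show each resource's creator.

```python
import sqlite3

# Constructed miniature schema: only the columns the thread's query touches.
SCHEMA = """
CREATE TABLE users     (id TEXT PRIMARY KEY, username TEXT);
CREATE TABLE resources (id TEXT PRIMARY KEY, name TEXT, created_by TEXT);
CREATE TABLE secrets   (user_id TEXT, resource_id TEXT);
"""

# The thread's query with a bound parameter instead of a pasted literal, plus
# an added join (assumption, not in the post) that reports the creator.
ROTATION_QUERY = """
SELECT resources.name, creators.username
FROM secrets
INNER JOIN users ON users.id = secrets.user_id
INNER JOIN resources ON resources.id = secrets.resource_id
INNER JOIN users AS creators ON creators.id = resources.created_by
WHERE users.username = ?
AND resources.created_by != users.id
ORDER BY resources.name;
"""

def build_test_db():
    """Recreate the post's scenario; usernames and ids are constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("u1", "ex-employee@example.com"), ("u2", "employee@example.com")])
    db.executemany("INSERT INTO resources VALUES (?, ?, ?)", [
        ("r1", "shared_from_ex_employeed", "u1"),  # created by the leaver
        ("r2", "password", "u2"),
        ("r3", "password_in_a_folder", "u2"),
    ])
    # One secrets row per (user, resource) pair that has access.
    db.executemany("INSERT INTO secrets VALUES (?, ?)", [
        ("u1", "r1"), ("u2", "r1"), ("u1", "r2"),
        ("u2", "r2"), ("u1", "r3"), ("u2", "r3"),
    ])
    return db

def passwords_to_rotate(db, leaving_username):
    """Return (resource name, creator) rows the leaver received from others."""
    return db.execute(ROTATION_QUERY, (leaving_username,)).fetchall()

if __name__ == "__main__":
    db = build_test_db()
    for name, creator in passwords_to_rotate(db, "ex-employee@example.com"):
        print(f"rotate {name!r} (created by {creator})")
```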

@antony that’s cool!
I appreciate you diving into my issue. I’m certainly taking that in order to resolve the issue.
But one more question: are there any plans to implement this in the GUI?

IMHO it could be a really good feature; as far as I know it’s not planned yet. As I said, feel free to open a feature request and see what the community thinks about this idea! :wink:

All right then, thanks for the conversation and especially for the help with my issue.

The Force is strong with this one :slightly_smiling_face:
