Password Delegation

Feature requests
1

Like: As a user I can temporarily delegate a credential i have access to, so that another user can access the same password for a set amount of time

Q1. What is the problem that you are trying to solve?
In collaborative environments, it is common for a user to temporarily need access to a credential they do not own, currently passbolt does not support such time-bounded delegation of credentials/secrets, you could only share it permanently, such operations are also commonly achieved with third-party softwares/services, making it less auditable from a security standpoint.
With password delegation (mainly tenant-bound but this could also be a feature expanded for outbound sharing like i’ve seen in other feature requests) the user could keep the delegation in-house and the admins could keep track of such credential sharing.

Q2 - Who is impacted?
This feature would primary benefit medium to large teams and/or business subject to strict certification compliance, credential delegation is also a common feature in other PAM softwares and could lead to better adoption of passbolt, both for self-hosted community users and passbolt business customers.

Q3 - Why is it important and/or urgent?
Without this feature teams are incentivised to make permanent secret shares “just to be safe”, or to use third-party softwares, strategically it would close the gap versus other enterpise PAM tools, it also complements existing RBAC and activity logging features, extending their value proposition.

Q4 - What is your proposed solution? (optional)

  • User Stories
    • As a password owner, I can delegate access to a credential I have share-rights on, specifying a recipient user and an expiry date/time, so that they can use the password without me permanently sharing it.
    • As a delegatee, I receive an email notification when a credential is delegated to me, including the expiry time, so I know what access I have and for how long.
    • As a delegatee, I can see delegated credentials clearly distinguished from my permanent shares in the password list (e.g. with a clock icon and a countdown), so I am aware of the temporary nature of the access.
    • As a password owner, I can revoke a delegation at any time before it expires.
    • As an administrator, I can see all active delegations in the admin panel and revoke any of them.
    • As an administrator, I can set an organization-wide maximum delegation duration (e.g. 24h, 7 days) to enforce policy.
    • As any user, when a delegation expires, I receive a notification and the credential is automatically removed from my accessible passwords.
  • Test Scenarios (Given / When / Then)
    1. Successful delegation
      • Given that Alice owns a credential and Bob is an active user
      • When Alice creates a delegation for Bob with an expiry of 3 hours
      • Then Bob receives an email notification, can see and use the credential, and the delegation appears in the activity log
    2. Automatic expiry
      • Given a delegation for Bob on Alice’s credential with a 3 hour expiry
      • When the expiry time is reached
      • Then Bob can no longer access the credential, both user receive an expiry notification, and the event is logged
    3. Manual revocation
      • Given an active delegation from Alice to Bob
      • When Alice revokes it before expiry
      • Then Bob immediately loses access and receives a notification
    4. Policy enforcement
      • Given that an admin has set a amaximum delegation duration of 24 hours
      • When Alice attempts to create a delegation with a 3 hour expiry
      • Then Passbolt rejects the request
    5. Delegation does not grant re-share rights
      • Given that Bob has a delegated credential from Alice
      • When Bob attempts to delegate the same credential to Carl
      • Then Passbolt rejects the requests since Bob only has temporary read access
  • Functional Requirements
    • Functional
      • Delegations are read-only by default; no edit/delete rights on the credential itself are granted
      • A delegatee cannot further delegate a credential they received via delegation
      • The password list view should include a “Delegated to me” filter and visually indicate expiry (ex. a badge showing “Expires in 3h”)
      • Email notifications should be sent at delegation creation, expiry, and revocation (configurable from admin)
    • Non Functional
      • The feature should be available via the Passbolt API so it can be integrated into external workflows.

Q5. Community support
People can vote for this idea to show traction:

  • :ok_woman: Must have: this is critical for me to have this
  • :raising_hand_woman: Should have: this is important for me to have this
  • :tipping_hand_woman: Could have: this could be nice to have
  • :no_good_woman: Won’t have: we should not schedule this (explain why)
0 voters