Requesting View Password Access Example

This steps through a simple example of requesting access for a password.

This same workflow can be used for Dual Control approval process...

Dual Control Explained

Admins can setup a implementation of dual control, also called 4-eyes principle / two-man rule / peer approval.

By having colleagues approve each other's requests, they work together to accomplish the action.

Create approver Role:


Assign an approver:


Modify Access Levels
Option A - Modify existing Access Levels


Option B - Create a new Access Level


Give Request Ability to Requestor

In the Home screen, navigate to the folder(s)/entries you wish your users to be able to request, and assign them the Request Access permission on those items.

Set Time Limit Option

The Request Approve workflow settings can be modified, from the settings menu in Settings > Access Approval. They allow admin to determine who can approve permanent access and to set the default time limits.



1. Approvers who can Grant Permanent access can be set:

2. Set the default expiry:

3. Set the Maximum expiration time:

Viewing / Requesting Access

Then your users can view the the folder / entry structure, and request access to it




Cancel / View Pending Requests


But although the users can open the entry, they will not be able to view the password or entry contents in the Web client. (Note: However, in the KeePass client some entry content information will still be visible in the Entry list or Preview pane such as the Notes, Title, and Username. This will also be restricted in an upcoming release, to align with the Web client).


Viewing Entry Contents

Add the additional action:



Users would then be able to open the entry, see the contents of the entry, but not the password itself



Approving Access

Approvers can view the requests


Upon clicking Approve (or Deny) include a comment and expiry date/time