Requesting View Password Access Example

This steps through a simple example of requesting access for a password.

This same workflow can be used for Dual Control approval process...

Dual Control Explained

Admins can setup a implementation of dual control, also called 4-eyes principle / two-man rule / peer approval.

By having colleagues approve each other's requests, they work together to accomplish the action.

Create approver Role:

 

Assign an approver:

 

Modify Access Levels
Option A - Modify existing Access Levels

 

Option B - Create a new Access Level

 

Give Request Ability to Requestor

In the Home screen, navigate to the folder(s)/entries you wish your users to be able to request, and assign them the Request Access permission on those items.

Set Time Limit Option

The Request Approve workflow settings can be modified, from the settings menu in Settings > Access Approval. They allow admin to determine who can approve permanent access and to set the default time limits.

 

Options

1. Approvers who can Grant Permanent access can be set:

2. Set the default expiry:

3. Set the Maximum expiration time:

Viewing / Requesting Access

Then your users can view the the folder / entry structure, and request access to it

 

Requesting

 

Cancel / View Pending Requests

 

But although the users can open the entry, they will not be able to view the password or entry contents in the Web client. (Note: However, in the KeePass client some entry content information will still be visible in the Entry list or Preview pane such as the Notes, Title, and Username. This will also be restricted in an upcoming release, to align with the Web client).

 

Viewing Entry Contents

Add the additional action:

 

 

Users would then be able to open the entry, see the contents of the entry, but not the password itself

 

 

Approving Access

Approvers can view the requests

 

Upon clicking Approve (or Deny) include a comment and expiry date/time