Time-Based Roles for Automated Access Management #4973

Open
mehrdad-khojastefar opened this issue Jul 28, 2024 · 0 comments
Labels
enhancement New feature or request


Is your feature request related to a problem? Please describe.

Managing roles in HCP Boundary can be quite cumbersome because roles are permanent and need to be deleted manually to revoke access. This process can be time-consuming and is prone to human error, especially in environments with frequent role changes or temporary access needs.

Describe the solution you'd like

I would like to see a feature that allows setting a Time-To-Live (TTL) or a specific expiration timestamp for roles in HCP Boundary. When the specified time is reached, the role should be automatically deleted, thereby revoking access without the need for manual intervention. This would ensure that temporary access is automatically cleaned up, reducing administrative overhead.

Describe alternatives you've considered

  • Manual Deletion: Continue with the current process of manually deleting roles, but this is inefficient and increases the risk of forgetting to revoke temporary access.
  • Scheduled Tasks: Implement custom scripts or scheduled tasks to periodically check and delete expired roles, but this adds complexity and requires ongoing maintenance.
  • Audit Logs and Alerts: Rely on audit logs and alerts to remind administrators to delete roles, but this still requires manual action and isn't as seamless as an automated solution.

Explain any additional use-cases

  • Temporary Project Roles: Assign roles to team members for the duration of a project. Once the project is completed, the roles are automatically deleted, ensuring no lingering access.
  • Contractor Access: Provide contractors with access for a specified period. Their access is automatically revoked after their contract ends, enhancing security.
  • Event-Based Roles: Grant roles for specific events or time-bound activities. Once the event concludes, the roles are automatically removed, simplifying access management.

Additional context

Adding a TTL or expiration timestamp feature for roles would significantly enhance security by ensuring temporary access is properly managed and automatically revoked. It would also reduce the administrative burden on IT teams and improve overall efficiency in managing roles within HCP Boundary.

@mehrdad-khojastefar mehrdad-khojastefar added the enhancement New feature or request label Jul 28, 2024
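
A sketch of the "Scheduled Tasks" alternative listed in the issue, as an added example that is not part of the issue or of Boundary itself. It assumes a hypothetical convention in which the role description carries an `expires=<ISO 8601 timestamp>` marker, and it assumes the JSON shape of `boundary roles list -format json`; the sample roles and their IDs are constructed.

```python
import json
import re
from datetime import datetime, timezone

# Assumed convention, not a Boundary feature: the role description carries
# a marker such as "expires=2024-08-01T00:00:00Z".
EXPIRY_RE = re.compile(r"\bexpires=(\S+)")

# Constructed sample shaped like `boundary roles list -format json` output
# (the "items" wrapper and field names are assumptions to verify locally).
SAMPLE = json.dumps({"items": [
    {"id": "r_expired", "description": "contractor expires=2024-07-01T00:00:00Z"},
    {"id": "r_future", "description": "project expires=2030-01-01T00:00:00Z"},
    {"id": "r_permanent", "description": "ops on-call"},
    {"id": "r_bad", "description": "event expires=next-friday"},
    {"id": "r_naive", "description": "audit expires=2024-07-01T00:00:00"},
]})


def classify_roles(list_json, now):
    """Return (expired_ids, malformed_ids) for roles carrying the marker."""
    expired, malformed = [], []
    for role in json.loads(list_json).get("items") or []:
        match = EXPIRY_RE.search(role.get("description") or "")
        if not match:
            continue  # no marker: treated as a permanent role, left alone
        try:
            # Older Python versions reject a trailing "Z", so normalise it.
            when = datetime.fromisoformat(match.group(1).replace("Z", "+00:00"))
        except ValueError:
            malformed.append(role["id"])  # unparseable: report, never skip silently
            continue
        if when.tzinfo is None:
            malformed.append(role["id"])  # no UTC offset: ambiguous, report it
        elif when <= now:
            expired.append(role["id"])
    return expired, malformed


def delete_commands(expired_ids):
    """Build one `boundary roles delete` argv per expired role."""
    return [["boundary", "roles", "delete", "-id", rid] for rid in expired_ids]


if __name__ == "__main__":
    expired, malformed = classify_roles(SAMPLE, datetime.now(timezone.utc))
    for argv in delete_commands(expired):
        print(" ".join(argv))
    for rid in malformed:
        print(f"# needs manual review: {rid}")
```

Roles whose marker cannot be parsed or lacks a UTC offset are reported separately rather than ignored, so a typo in the marker does not quietly become permanent access.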