This repository has been archived by the owner on Feb 12, 2024. It is now read-only.
Ability to limit the duration users can request access to specific resources for #283
Comments
wallrony
added a commit
that referenced
this issue
Oct 6, 2022
Co-authored-by: vassalo <vassalo@users.noreply.github.com>
Merged
vassalo
added a commit
that referenced
this issue
Oct 17, 2022
…stent with the rest of the env vars and add docs (#283) Co-authored-by: wallrony <wallrony@users.noreply.github.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Is your feature request related to a problem? Please describe.
Currently users can use the --duration option to request access to resources for as long as they want. This is problematic for resources where the customer has set automatic approval up, as users can request access for weeks or months without anyone noticing.
Describe the solution you'd like
The ability to set a "max allowed time" on a resource
Describe alternatives you've considered
The ability to disable the --duration option on specific resource or resources that have the automatic approval tag
Additional context
Customer has read only databases that they want to be able to leave as automatic approval, but not for longer than 6 or 8 hours. This is important from an audit perspective - if a user requests access for 52 weeks, this is essentially permanent access and defeats the purpose of Just-in-Time access, even if it's only a read-only role
The text was updated successfully, but these errors were encountered: