[Freeipa-users] Granting rights temporarily
Natxo Asenjo
natxo.asenjo at gmail.com
Thu Feb 14 09:22:35 UTC 2013
On Thu, Feb 14, 2013 at 10:02 AM, Dag Wieers <dag at wieers.com> wrote:
> Hi,
>
> Another interesting recommendation from security is that all granted access
> (that is exceptional, rather than permanent) should be limited in time from
> the onset.
>
> If this is not possible all granted access needs to be documented and
> revised regularly. However a system that would automatically revoke access
> after a certain period is preferred from a security/administrative
> perspective. (Period to be defined when granting access)
>
> This would mean that e.g. sudo-rules, group memberships, etc. could have due
> dates and that IPA ensures that these rights are revoked in due time.
>
> So I was wondering whether this is something that was already discussed as a
> feature for IPA ?
+1
--
groet,
natxo
More information about the Freeipa-users
mailing list