Requesting Access to Passwords

If you’ve ever found yourself needing to either, request access to password credentials, or, needing to approve a request, then we’ve got you covered.  Passwordstate includes a simple workflow, included as part of the core software, that handles this very scenario.

In this Blog entry we’re using an example for one of our employee’s Abagail, who’s filling in for a System Administrator who’s responsible for our internal SharePoint support.  Abagail by default has limited access to the Password Records in the SharePoint Accounts Password List.  In fact, the only access she has is View access on one Password Record and that relates to demonstrations of Passwordstate as shown below;

Abagail has provided backup support for SharePoint in a previous life (and she’s really good at it).  But before we run through the example of her requesting and being granted access to the Password records we should first run through the workflow at a high level.

Overview of Supported Workflow

The Seek Access to Passwords workflow is a simple workflow built around the specific tasks of;

  • requesting access to either a Password List (including all Password Records it contains) or,
  • requesting access to a single Password Record, and,
  • approving or denying the request.  

In line with this, and at a high level, the process is;

  • User requests access to a Password List or Password Record,
  • They select the type of access and the start and end date/time,
  • They can provide an optional reason for the request,
  • The submitted request is routed to the Administrators of the Password List,
  • The Administrators Approve or Deny the request,
  • If Approved the System grants the requested access for the duration requested

The Administrators of the Password List can be anyone with Administrator Permissions on the Password List and, if set under Administration->System Settings->email alerts & options, Security Administrators or Security Administrators with the specified role of Password Lists.

Request Access to a Password or Password List

Let’s get started.  As stated earlier, Abagail doesn’t have the required access for all Password Records in the SharePoint Accounts Password List.  To request access, she clicks on the Passwords icon in the menu at the extreme left and selects the option for Request Access to Passwords as per the image below; 

This brings up the Request Access to Passwords screen.  From here, Abagail types the search criteria of SharePoint Accounts in the Password List Search Filter box and clicks on the Search button.  This will display all matching records in the display grid.  As she needs access to the Password List and all corresponding Password Records, she selects the top response in the display grid by clicking on the Action Icon and selects Request Access to Password List (image below);

Now the dialog box for Request Access to Password List opens.  Here Abagail selects the Access Type required, in this case View, the Start Date and Time, in this case we’ve left it blank (meaning As Soon As Possible), the Expiration Date and Time, in this case the date and time she stops providing backup support and a Reason to provide context on the request for the Approver.  Once this information is filled out, she clicks the Submit button (image below);

On clicking the Submit button Abagail is presented with an Access Request Sent box and clicks on the Close button (image below);

How to Approve the Request

The Request is emailed through to all Administrators of the Password List and/or Security Administrators or Additional Approvers as per the settings outlined under;

  • Administration->System Settings->email alerts & options.
  • Administration->Feature Access->password list options->specify additional ‘Approvers’ of Access Requests for Password Lists and Password records

A notification is also sent to the Notifications area for those Password List Administrators as per above. 

To review the request, a Password List Administrator or Security Administrator clicks on the Passwords icon in the menu at the extreme left and selects the option for Pending Access Requests as per the image below;

This brings up the Pending Access Requests Screen.  Here all pending requests and their details are displayed.  To select a request simply click on the corresponding user name in the User Requesting Access column (image blow);

This will bring up the Process Access Request screen.  This duplicates the information in the same format as entered by Abagail.  The Approver can select to Approve Request, Deny Request or Cancel to return to the previous screen.  In this example the Approver will approve the request by clicking on that corresponding button (image below);

The Approver will now be taken back to the Pending Access Requests screen to approve any further requests.

What Happens Behind the Scenes?

Passwordstate will now process the approved access type, for the requested object.  In this example it means it will set Abagail’s permissions to View at the Password List level (so she has that access on all records in the List).  Abagail will be emailed advising her that her request has been processed.  When Abagail logins in next she will see she now has access to all the Password Records in the List (image below);

As an Expiration Date and Time were also set, a job will be queued to remove the View permission from the Password List at the time specified.  This is the same for Password Access Requests with a specified Start Date and Time.

As stated at the beginning, the workflow is simple and geared toward handling the Approval, setting and removal of permissions as required.

If you have feedback and are unsure where to send it?  Send it through to