Pattern: Time-boxed Privilege Elevation

  • Status: seed
  • Readiness target: RL3 production
  • Primary owners: NetKingdom, ops-warden, flex-auth
  • Genesis family: Identity and access

Problem

Permanent privileged access increases blast radius and makes it hard to distinguish ordinary access from exceptional authority.

Context

Use this pattern for operator access, tenant admin elevation, emergency maintenance, agent tasks, production data access, and SSH certificate issuance.

Forces

  • Operators need enough authority to fix incidents.
  • Privilege should expire automatically.
  • Elevation should include reason, scope, approval, and audit.
  • Break-glass must remain separate from ordinary elevation.

Solution

Grant privileged roles or credentials only for a bounded purpose, scope, and TTL. The elevation request records actor, tenant, resource, reason, approval, assurance, and expiration.
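One way to model the elevation record and its expiry check, as an added example rather than code from the pattern's owners. The names `elevate`, `is_authorized`, `AUDIT`, and the one-hour `MAX_TTL` ceiling are assumptions, and the in-memory list stands in for an audit ledger.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum

class Kind(Enum):
    ELEVATION = "elevation"      # ordinary, approved elevation
    BREAK_GLASS = "break_glass"  # emergency path, tagged separately

MAX_TTL = timedelta(hours=1)     # assumed policy ceiling, not from the pattern
AUDIT = []                       # stand-in for an append-only audit ledger

@dataclass(frozen=True)
class Grant:
    actor: str
    tenant: str
    resource: str
    reason: str
    approval: str
    assurance: str
    kind: Kind
    expires_at: datetime

def elevate(actor, tenant, resource, reason, approval, assurance,
            ttl, now, kind=Kind.ELEVATION):
    """Issue a grant only if every recorded field is present and the TTL is bounded."""
    fields = (actor, tenant, resource, reason, approval, assurance)
    if any(not f.strip() for f in fields):
        raise ValueError("every field of the elevation record is required")
    if ttl <= timedelta(0) or ttl > MAX_TTL:
        raise ValueError("ttl outside policy bounds")
    grant = Grant(*fields, kind, now + ttl)
    AUDIT.append(("granted", grant))  # who, why, for what, until when
    return grant

def is_authorized(grant, tenant, resource, now):
    """Evaluate at use time: expiry needs no cleanup job, the grant just stops matching."""
    ok = (grant.tenant == tenant and grant.resource == resource
          and now < grant.expires_at)
    AUDIT.append(("allowed" if ok else "denied", grant))
    return ok
```

Because the check runs on every use with the caller's current time, a grant held by an agent or background session stops working at `expires_at` even if the holder never releases it.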

Verification

  • Elevated access expires without manual cleanup.
  • The platform records who elevated, why, for what, and until when.
  • Expired elevation cannot be reused by agents or background sessions.
  • Emergency break-glass paths are distinguishable from normal elevation.

Related patterns

  • Short-Lived SSH Certificates.
  • Short-lived Credentials.
  • Break-glass Access.
  • Central Audit Ledger.