# Pattern: Time-boxed Privilege Elevation
Status: seed
Readiness target: RL3 production
Primary owners: NetKingdom, ops-warden, flex-auth
Genesis family: Identity and access
## Problem
Permanent privileged access increases blast radius and makes it hard to
distinguish ordinary access from exceptional authority.
## Context
Use this pattern for operator access, tenant admin elevation, emergency
maintenance, agent tasks, production data access, and SSH certificate
issuance.
## Forces
- Operators need enough authority to fix incidents.
- Privilege should expire automatically.
- Elevation should include reason, scope, approval, and audit.
- Break-glass must remain separate from ordinary elevation.
## Solution
Grant privileged roles or credentials only for a bounded purpose, scope,
and TTL. The elevation request records actor, tenant, resource, reason,
approval, assurance, and expiration.
## Verification
- Elevated access expires without manual cleanup.
- The platform records who elevated, why, for what, and until when.
- Expired elevation cannot be reused by agents or background sessions.
- Emergency break-glass paths are distinguishable from normal elevation.
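
The following is an added example, not code from the pattern's owners or any project named here. It sketches a grant that records the fields listed under Solution and is re-checked for expiry and scope on every use. `ElevationService`, `MAX_TTL_SECONDS`, the `audit` list standing in for the audit ledger, and the one-hour TTL ceiling are all assumptions.

```python
import time
from dataclasses import dataclass, asdict

MAX_TTL_SECONDS = 3600  # assumed policy ceiling for ordinary elevation

@dataclass(frozen=True)
class Elevation:
    actor: str
    tenant: str
    resource: str
    reason: str
    approval: str    # approver identity or ticket reference
    assurance: str   # how the actor authenticated, e.g. "mfa"
    expires_at: float

class ElevationService:
    """Hypothetical in-memory service; self.audit stands in for the audit ledger."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.grants = {}
        self.audit = []

    def elevate(self, grant_id, actor, tenant, resource, reason, approval,
                assurance, ttl):
        if not (reason and approval):
            raise ValueError("reason and approval are required")
        if not 0 < ttl <= MAX_TTL_SECONDS:
            raise ValueError("ttl must be positive and within policy")
        grant = Elevation(actor, tenant, resource, reason, approval,
                          assurance, self.clock() + ttl)
        self.grants[grant_id] = grant
        # Tagged "ordinary" so break-glass events stay distinguishable.
        self.audit.append({"event": "elevate", "kind": "ordinary",
                           "grant_id": grant_id, **asdict(grant)})
        return grant

    def authorize(self, grant_id, actor, tenant, resource):
        # Expiry and scope are checked on every use, so a cached grant id
        # held by an agent or background session stops working at expires_at.
        grant = self.grants.get(grant_id)
        allowed = (grant is not None
                   and self.clock() < grant.expires_at
                   and (grant.actor, grant.tenant, grant.resource)
                   == (actor, tenant, resource))
        self.audit.append({"event": "use" if allowed else "deny",
                           "grant_id": grant_id, "actor": actor,
                           "tenant": tenant, "resource": resource})
        return allowed
```

Because nothing is deleted at expiry, the denial of a late use is itself an audit event, which gives detection a signal for agents or sessions replaying stale grants.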
## Related Patterns
- Short-Lived SSH Certificates.
- Short-lived Credentials.
- Break-glass Access.
- Central Audit Ledger.