Admin Control Over Private Vault Sharing
Chris Hintz
BACKGROUND
We adopted Passwork several years ago specifically for its clear security model that distinguished between private and shared vaults. This structure provided private vaults for individual user credentials and company-wide shared vaults under password administrator oversight and audit control.
ISSUE WITH VERSION 7
The introduction of private vault sharing in v7, while useful for some organizations, has created a security oversight gap. Users can now share their private vaults directly with other users, bypassing our password administrator's audit capabilities.
REQUEST
We would like to request an administrative setting that allows organizations to disable private vault sharing when centralized oversight is required, maintain the original security model where all shared credentials remain under admin supervision, and preserve existing functionality for organizations that prefer the new sharing capabilities.
BUSINESS JUSTIFICATION
Many organizations require complete audit trails for shared credentials due to compliance requirements, security policies, and risk management protocols.
PROPOSED SOLUTION
Add a configuration option in the admin panel called "Allow private vault sharing" as a toggleable setting. Default should be enabled to maintain current v7 behavior. When disabled, this would restore v6 behavior where only admin-managed shared vaults can be shared. This approach would accommodate both security models while maintaining backward compatibility.
CK95
Many thanks for this feature request. It reflects exactly my discomfort with the new structure of version 7.x.
A few years ago, Passwork's clear structure and distinction between organizational and private vaults was the key factor in choosing it from among its numerous competitors.
We use the password manager to distribute passwords for systems or accounts that are managed exclusively by administrators. It is therefore not desirable for users to be able to share passwords or vaults or leave the vaults assigned to them. Nor is it desirable for them to be able to create shared vaults.
Version 7.x no longer meets these requirements, so we are currently compelled to continue using the older version 6.4.5. This is very unfortunate, as we had just renewed our license shortly before the release of version 7.x. I would very much like this feature request to be taken seriously and implemented with a certain level of priority.