ums

FS-31: Privileged Access with Time-Bound Elevation

Status: Pending implementation

1. Business Purpose

Privileged access must be granted only for the time it is needed and then automatically removed. UMS must let security teams approve temporary elevation, limit the duration, and preserve a clear justification trail.

2. Actors

Actor Responsibility
Privileged Access Requester Requests temporary elevated access.
Security Approver Reviews and approves or denies the elevation.
Security Administrator Configures the privileged access policy.
Auditor Reviews the reason, duration, and outcome of the elevation.

3. Business Preconditions

4. Main Functional Flow

  1. The requester asks for privileged access and explains why it is needed.
  2. The approver reviews the request, the target scope, and the requested duration.
  3. If approved, the system grants the elevation only for the allowed time window.
  4. The system removes the elevation automatically when the time window ends.
  5. The decision and the duration remain auditable after the access is removed.

5. Alternative Flows and Exceptions

A. Justification Missing

If the requester does not provide a sufficient reason, the request cannot be approved.

B. Duration Too Long

If the requested duration exceeds the policy, the approver must shorten it or deny the request.

C. High-Risk Scope

If the requested scope is especially sensitive, the system can require stronger approval before it is granted.

6. Business Rules

Rule Description
BR-01 Privileged access must be temporary and explicitly approved.
BR-02 Every elevation must have a start time, an end time, and a reason.
BR-03 Access must be removed automatically when the elevation expires.
BR-04 Higher-risk scopes may require additional approval or stricter duration limits.
BR-05 Each decision must be auditable and explainable.
BR-06 A privileged elevation must not become permanent by accident.

7. Acceptance Criteria

# Acceptance Criterion
1 A requester can ask for temporary privileged access with a reason and duration.
2 An approver can approve or deny the request.
3 Approved access expires automatically at the end of the approved window.
4 The system records the justification, reviewer, scope, and duration.
5 Expired privileged access is no longer active.
6 High-risk requests can require stronger review before approval.

8. Technical Requirements

9. Traceability

Type References
Domain Entities ApprovalWorkflow, ApprovalRequest, AccessEnforcementPolicy, Role, Profile
Functional Stories FS-10, FS-16, FS-24
ADRs ADR-0012, ADR-0016, ADR-0035