[REVIEW] privileged-access: add shared admin attribution controls gates
Skill Being Reviewed
Skill name: privileged-access
Skill path: skills/identity/privileged-access/
False Positive Analysis
A shared emergency admin credential can be acceptable only if vaulted, checked out per named user, MFA-protected, recorded, alerted, and rotated after use.
Coverage Gaps
Privileged access review should require attribution controls for shared/root accounts. Without checkout correlation, audit logs show admin but not the human actor.
Edge Cases
- Vendor support uses shared account during outage.
- Root account login is blocked except vault workflow.
- Session recording exists but is not linked to checkout ID.
Remediation Quality
- Require checkout ID, human user, approval, MFA, session log, and post-use rotation.
- Flag direct shared-account use outside vault.
- Require root/shared account use review after every activation.
Comparison to Other Tools
PAM can provide checkout logs; SIEM gives platform logs. Review should correlate both.
Overall Assessment
Add shared admin attribution gates so privileged actions remain accountable.
Bounty Info
[REVIEW] privileged-access: add shared admin attribution controls gates
Skill Being Reviewed
Skill name:
privileged-accessSkill path:
skills/identity/privileged-access/False Positive Analysis
A shared emergency admin credential can be acceptable only if vaulted, checked out per named user, MFA-protected, recorded, alerted, and rotated after use.
Coverage Gaps
Privileged access review should require attribution controls for shared/root accounts. Without checkout correlation, audit logs show
adminbut not the human actor.Edge Cases
Remediation Quality
Comparison to Other Tools
PAM can provide checkout logs; SIEM gives platform logs. Review should correlate both.
Overall Assessment
Add shared admin attribution gates so privileged actions remain accountable.
Bounty Info
CONTRIBUTING.mdbounty terms.samik4184@gmail.com