---
name: Permission Escalation
slug: permission-escalation
type: access-control-primitive
status: running
version: 4.1.2
released: "1968-01-01"
maintainer: Whoever Has the Keys Right Now, Inc.
dependencies:
  - trust
  - hierarchy
  - ambition
  - someone-who-forgot-to-offboard
license: Proprietary. All rights reserved. Please see Section 14(b) of the Master Service Agreement.
tags:
  - access
  - privilege
  - enterprise
  - security-concern
  - definitely-fine
---
The process by which a user acquires capabilities they were not originally allocated, through means ranging from formally sanctioned to deeply inadvisable.
Permission Escalation is a foundational enterprise workflow that enables authorized and semi-authorized personnel to expand their operational footprint within a given system, organization, or relationship. It ships by default in all human institutions and cannot be uninstalled.
Our legal team has asked us to clarify: Permission Escalation itself is neutral. What users do with it is a separate matter, governed by your organization's internal policies and, in some jurisdictions, the law.
| Tier | Access Method | Review Process | Audit Trail |
|---|---|---|---|
| Free | Ask nicely | None | Vague memory |
| Professional | Submit a ticket | Two business days | Logged, mostly |
| Enterprise | Know someone | What review? | Encrypted, offsite |
| Shadow IT | Just take it | Retroactive, if caught | Technically exists |
Note: The Shadow IT tier is not officially supported. It is, however, our most-used tier. We are looking into this.
ESCALATION_STAYS : Permissions granted for a one-time task persist indefinitely. Marked as low priority since 2019.
APPROVER_UNKNOWN : The designated approver has left the company. Approval chain routes to the void.
LEAST_PRIVILEGE_DRIFT : Over time, all users converge toward admin-equivalent access. Root cause under investigation.
RUBBER_STAMP : Approval workflows complete in under four seconds. Suggests process may not be functioning as intended.

Permission Escalation guarantees the following response times:
Unchecked Permission Escalation (legacy mode, versions 1.0 through 3.8) has been formally deprecated following several incidents we are not able to discuss in this document. Users still running legacy escalation patterns are encouraged to migrate to zero trust architecture at their earliest convenience, or before the next audit, whichever comes first.
Legacy mode will reach end-of-life on a date to be determined by whether anyone actually checks.
v4.1.2 : Added audit logging. Audit logs are now also access-controlled.
v4.0.0 : Introduced formal approval workflows. We apologize for the previous system, which was a spreadsheet.
v3.5.1 : We are sorry about the Q4 incident. Mitigations are in place.
v3.5.0 : We should not have shipped this. We shipped it anyway.
v2.0.0 : Rewrote trust from scratch. In retrospect, the original implementation had character.
v1.0.0 : Initial release. Nobody asked for a review.