7 min. read
NIS2 Requirements: Why Credential Security is Non-Optional
Explore key NIS2 requirements (Art. 21) regarding access control. Use our compliance checklist to align your credential security with Passbolt.
Passbolt 5.8.0 called “Everything in its Right place” is now available (release notes: 5.8.0) and continues the 5.x focus on administrative control, scalability, and operational efficiency. This release introduces dynamic role management, allowing organisations to define additional roles to better control access, align permissions with internal policies and compliance requirements, and delegate selected administrative capabilities. It also adds drag & drop user assignment to groups to simplify day-to-day user and group management.
Important: Assigning new roles requires all users to have updated their browser extension to version 5.8.
Dynamic role management
Passbolt allows administrators to control user actions by limiting access to specific capabilities through its RBAC model, particularly via the default User role. With version 5.8, this access model is extended beyond the default Admin and User roles, enabling administrators to create additional roles and assign them to users.
API Permissions
The additional roles allow delegation of selected administrative responsibilities without granting full administrative access, making it possible to distribute operational tasks more precisely. Initial support includes:
- Group management (create)
- Account recovery request handling (Pro)
Custom Roles
Dynamic role management is introduced with a clearly defined scope and constraints:
- The default Admin and User roles have fixed names and cannot be renamed or deleted.
- The User role can still be restricted, but cannot be used to delegate administrative responsibilities.
- The Admin role always retains access to all capabilities and cannot be restricted.
- A maximum of two custom roles can be created per instance.
- Custom roles support an initial set of administrative capabilities and can be renamed or deleted.
Role assignment is explicit when creating or editing users, and the assigned role is displayed consistently in the Users & Groups workspace.
Dynamic role management applies RBAC rules at the API and action level, ensuring permissions are enforced consistently across both UI and API interactions. This provides a solid foundation that can be expanded as additional needs and use cases are identified.
Drag & drop users to groups
Managing group membership is a frequent task, especially in organisations with large teams or regularly changing group structures. Previously, updating group membership in Passbolt required opening and editing each group individually, which could make routine administration repetitive.
Passbolt 5.8 addresses this by allowing administrators to add a user to a group via drag & drop directly from the Users & Groups workspace. This keeps group membership updates in context, reduces navigation between views, and removes the need to open the group edit view for each change, while preserving existing permission rules.
Performance and Stability Improvements
Passbolt 5.8 includes fixes and smaller improvements intended to improve the overall stability and usability. For the full list of changes, please refer to the changelog in the 5.8 release notes here.
What’s next?
January 2026 Release
The upcoming January release will primarily focus on platform evolution and long-term maintainability.
It will formally announce the deprecation (while still maintaining support) of several legacy environment components, including PHP 8.2 and MariaDB 10.3 and 10.5.
Stay up to date
To remain informed about Passbolt updates and community activities:
- Subscribe to our newsletter
- Follow us on LinkedIn, Mastodon, and BlueSky
- Join discussions on the community forum
- Sign up for release notifications on the changelog page
Thank you to the community for your continued feedback and contributions.
