Problem: I just had an experience where I was running into a bug with a product that I love. I reached out to the support team and they asked if they could access my account. Unfortunately, my account contains sensitive and personal information so it wasn't ideal.
What if the user could control the admin's permissions?
- All user accounts are totally encrypted.
- When an Admin tries to access a user's account, it will pop up a notification on the user's device asking them to give the admin access. Or, if the device is open, it will show a modal.
- If the user grants permission, their account is decrypted on the Admin's side so they can help troubleshoot.
- Once permission is given, a 5 minute count-down timer appears on the user's device. Once that timer runs out, access is immediately revoked unless the user taps a button to extend access for another 5 minutes. This gives the user peace of mind if they cannot stay on the phone with the admin during the time they're troubleshooting an issue.
- There's also a button that allows the user to revoke access immediately.