I am wondering if there is a way to create more granular permissions for passwords and users accounts.

Our situation is we have two API user accounts setup.

One account we want to only allow password resets and not view passwords, this is a normal user account

One account we want to only allow full access: view and modify.

Reason for this is, if a password is changed we still have a history of what it was - we also have logging of who did it via the API.

We do not want to allow other users to view the password via the API as this bypasses the 2FA we have setup for logging in.

Is there any way to do this currently?

If not, are there any plans for this to be implemented?

Cheers