Share credential with less privileged user within RDM for a limited amount of time
We've implemented a complete RBAC model in our RDM. Our users are authorised to access only the credentials that belong to their role of function.
However, there are always exceptions, such as when a first-line engineer needs access to a credential he normally should not be able to access. Of course, we could make a change in the permissions, but the people managing the permissions are not the same as the persons that have access to the required credentials.
What happens now is that 2nd line colleagues share these credentials outside of RDM, causing a risk of storing a credential in another system and not being able to audit the use of that specific credential from within RDM.
What I would like is the option to temporarily share a credential entry with a less privileged user for a certain period of time. The audit logs should register the fact that the credential was shared.
This could perhaps be a permission you could assign to users to be able to share items.
Hello,
What type of data source are you currently using?
Best regards,
Jeff Dagenais
We're using DPS as the data source for our RDM environment (which is using Microsoft SQL).
Hello,
In the near future, it would be possible via DPS, using the PAM functionality, to generate a temporary password valid for a certain period of time.
However, I cannot provide you an exact date for its delivery, but you can always follow our release notes:
https://server.devolutions.net/release-notes
Best regards,
Jeff Dagenais
Hi Jeff,
Thanks for your response.
I hope the new PAM functionality you described meets our requirements! I will keep a close eye on the release notes.
I noticed there is already some recent documentation on the PAM functionality in the online help. Is there some further clarification available on what the PAM functionality offers exactly?
Best regards
Hello,
I think this blog will answer your questions:
https://blog.devolutions.net/2019/05/update-devolutions-pam-platform-for-smbs
Best regards,
Jeff Dagenais