I’ve currently thought about a web-driven password database with multiple accounts and the login/passwords stored in a Database engine like MySQL or Oracle. Each password should only be available to some of the users:

User A logs in, creates a new login information and ticks some checkboxes to make this information available to User B and User C. User D and E should not see it.

My first thoughts:

The passwords are stored encrypted in the database.

The main problem here is of course, if you have access to the server you can take a look a the script and detect the decryption algorithm with enables you to de-crypt all the stored passwords at once.

So I thought, each user gets a master password to the password tool which is part of the encryption/decryption algorithm (user enters this master password and the logs in with his own credentials). This had the benefit that a third person could not simply take a look at the scripts to see how they are decrypted exactly as he had to know the master password. But of course it’s still possible for users with very limited access to decrypt all of the passwords as they know the master password.

So basically my question is: how is it possible to have a webbased multiple user password database which is not just cracked easily by looking at the plain sources, if someone gets access to the server? Is it possible to make the decryption somehow dependent on the user logins which may officially see the password?

Thanks for any hints on this!

Notice to make things more clear:
It’s intended to be a password database where login credentials for different applications are stored and users can log in and see what credentials they have to use for these applications. Like password manager tools like 1Password and so on. It’s just a simple lookup table with username/password, it should not insert or interact with 3rd-party applications.