How to share identity or CC just to one person on a team?
I book travel for my employees - I want them to make a comprehensive Identity w DOB, SSN, and all travel frequent flyer #s. How do they share just that with me and maintain privacy for personal info? It seems silly to create a vault for each staff member's single identity. If they Copy to Shared, then I move to my Owner vault, and they update their info, does it push to my record?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @lithigin
If they Copy to Shared, then I move to my Owner vault, and they update their info, does it push to my record?
Be aware that 'move' is essentially a 'copy' followed by a 'move to trash', meaning employee's private details would still be in the Shared vault (trash), which by default is visible to everyone in the team. I would highly recommend avoiding this approach. 1Password aside, it is impossible to 'un-share' a secret: once someone has information there is no way to revoke that knowledge. The only way to effectively mitigate that is to change the secret. Obviously this is not possible with things like DOBs, SSNs, etc. Once the information is out there... it's out there. With regard to 1Password specifically, there is no saying that for the brief time the item was in the Shared vault, or in the Shared vault trash, someone didn't copy down the details.
I book travel for my employees - I want them to make a comprehensive Identity w DOB, SSN, and all travel frequent flyer #s. How do they share just that with me and maintain privacy for personal info? It seems silly to create a vault for each staff member's single identity.
I wish I had a better solution to offer off-hand. This is a issue that we're aware of with the current vault-level sharing model that we have, and we're also aware we don't currently have a great way to address it. We're looking at what might be possible for the future. Sharing at the item level, rather than the vault level, could be quite messy if not done correctly. The UI alone for tracking who has access to an item, especially when considering any sharing inherited from the item's parent vault, is a complex challenge to address. That is without even broaching the subject of encryption keys.
It is certainly a problem we'd like to solve, but if we're going to do it we want to be sure to do it in a way that is clear and offers an interface that is both easy to use and easy to understand.
I realize it is not ideal, but for the moment I think the best solution would be a vault per employee that is shared between you and the employee. You may end up finding this useful for more than just the one item you currently have in mind.
Ben
0