restrict access to viewing password

Is there a way to share a login with a team member but only allow the team member to view the login but not the password itself?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:restrict access to viewing password

Comments

  • ag_maxag_max

    Team Member

    Hi @SUMtv! Welcome to the 1Password Support Community.

    If you're using 1Password Business, you have access to granular user and group permissions & client settings on vaults. One such client setting is View and Copy Passwords. If a user or group lacks this client setting for a shared vault, they will not be able to view or copy any of the password fields for saved items stored in that vault inside any of the 1Password client applications or web extensions. They will still be able to view the login item itself and use 1Password in the browser to fill those logins and passwords on the sign-in pages of websites and services.

    You can learn more about the various permissions in 1Password Business in the support article below:

    Create, share, and manage vaults in your team

    As great as a feature this is, it should be viewed mainly as a deterrent, as we can only guarantee true compliance within the 1Password ecosystem of applications and web extensions. When 1Password is invoked by a team member to fill this password into a browser, they might still obtain the password by using the developers’ tools on that web page. We cover this and more in our Security Design Whitepaper:

    1Password Security Design Whitepaper

    I hope this helps and keep me posted if there is anything else I can help you with. :)

  • Hey Max,

    We do have Business. When I try to share a certain vault with someone and then unshare it, the vault still shows up in their account, what's the problem there?

  • Same thing with the permission you already shared, the view and copy passwords permission, if I disable that on a test account I made that test account is still able to see the passwords thru their logged in account on the web site.

  • ag_maxag_max

    Team Member

    It’s possible that team member may have permissions for that vault on a group basis. That would explain why they're still able to view the vault and password fields of items even after they've been removed from the vault by an administrator or owner.

    For some background, with 1Password Teams and 1Password Business, you can assign vault permissions on both an individual and group basis. If a team member has vault permissions assigned individually and also as part of a group, the most permissive of the two will always be used. So, a team member would still retain access unless removed from that group, or if the group was removed from the Manage section of the Vault Details page.

    Can you head to the Vault Details page via the 1Password.com web interface and see if a group that user is a member of maintains permissions there? You can click the cog symbol next to the particular group they're a member of, to see which permissions are granted. I'd bet that's the issue but let me know if it's not and we'll keep working. :+1:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file