Retrieving granular permissions
Hello,
We have a business account, and we want to solve the following issue:
Our users add users to vaults, which gives them FULL access, including deletion and mass export permissions. We think this is unsafe and our security standards force us to restrict users, give them only editing rights when they need to, never allow them to export, etc.
We can only set these granular permissions in the web interface, correct?
We would be greatly helped if there was some way, through the API or the CLI, to at least VIEW the granular permissions that a user has on a vault. Then we can use the event lists to run checks on these permissions and fire warnings if we see users with too many permissions on a vault.
With the great number of vaults we have, we simply cannot manually check this every time in the web interface.
Will this ever become possible with the CLI? Is there some other way that we can programmatically check granular permissions?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hello @Czim,
Thanks for writing in! My name is Michael, and I'm one of the developers on the team responsible for the command-line tool.
You are correct in that the web interface is the only way to set the granular, vault-specific permissions. I understand that it would be tedious to manually verify that the permissions are correctly set on hundreds of vaults, especially in a repetitive fashion.
I have let the team know that you'd like to view and edit the vault permissions via the command-line tool. I can't promise any timelines, but we will review the request. ref: dev/b5/op#1264
I hope that this helps, even if it's not the answer you're looking for. Let us know if you have any additional questions.
0 -
Hello Michael -- thanks for the response. I'd love to hear the outcome of the request (even if it's negative).
0 -
We'll be sure to keep you updated as to the status!
0