Delete and destroy separate permissions

yapyl

I would like to ask if there is a way to separate Delete and Destroy permissions for guests to my Vault.
My hypothetical scenario is as below:-
1) Team member I invited as a Guest deletes a password
2) Same team member proceeds to destroy the password in Recently Deleted
3) No backup of the password available even though there is an activity log?

How do I protect my organization in the above scenario?

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Referrer: forum-search:destroy

ag_max

Hi @yapyl,

There are some controls to protect your organization's information in the scenario you outlined:

1Password Business

If you're using 1Password Business, you could untoggle the Delete Items permission for the person within that vault, which would prevent them from deleting any items there.

Alternatively, if you would like them to maintain the permission to delete items but make it impossible for them to view the View Recently Deleted section, and permanently destroy them, you could untoggle the View Item History permission.

1Password Teams

With 1Password Teams, you would need to assign that user the Allow Viewing permission within the vault to restrict them from deleting or destroying items. You can read more about permissions in the article below:

Create, share, and manage vaults in your team

No backup of the password available even though there is an activity log?

Regarding point 3, the View Recently Deleted section accessible at the bottom left of your vault on 1Password.com serves that purpose as a "backup" of sorts, through the item history feature. This lets you restore deleted items that haven't yet been permanently destroyed.

View and restore previous versions of items in your team

yapyl

Hi @ag_max , exactly what I was looking for. Thanks!

ag_max

Glad to hear that helped, @yapyl. :smile: