Logins that live across vaults

Options
fhbc
fhbc
Community Member
in Business and Teams

Hi there,

It's becoming an increasingly frustrating experience for our users to deal with the permission model of 1Password.
It very often becomes the case that a team or subset of a team get put on a project and need access to a password that is stored in a vault other than the ones they have access to.

Small example:
Vault: Ditributors
Groups with access: Finance, Operations

That way Finance can get to the invoices and billing details and Operations can place orders with our distribution partners.

Sometimes, engineers need to order parts with some of our distributors, so they would like access to the account.

We now have a few options:
1. create a new vault, which has the login and grants access to Finance, Operations and a few engineers
2. add the engineers to the existing Distributors vault (in which case they can also see and use other distributor accounts for which they shouldn't have permissions)
3. Make a copy of the select logins to a vault those engineers have access to and hope we remember to update both of the passwords when we change the login credentials.

This is happening more and more often and creates friction with using 1Password. If we weren't changing our passwords every so often, certain team members would take the easy way out and just send the passwords through e-mail or chat apps to bypass the entire issue.

A few ways with which you could "solve" this issue:

  1. Make certain items point to a "hidden" vault that can be unlocked when the user has permission to view either one of two other vaults, that way the item lives in a vault, which continues to use the current security model of 1Password as I understand it, and there only exists a single copy so that updates propagate.
  2. Create a special "shared vault" which everyone has access to but where permissions are given on a per-item basis, this way if we find that a login is used sporadically throughout different teams, we can move it to the special vault and give access to those that need it while keeping it hidden from those that don't need access.

I really hope the team looks into solving this issue.
Kind regards,
fhbc

1Password Version: 8.x.x
Extension Version: All
OS Version: All
Browser:_ All

Comments

  • ScottS1P
    ScottS1P
    Options

    Hello there @fhbc,

    Thanks for sharing your use cases for per-item permissions. Given the scenario you outlined, I see how the current security model of 1Password may be cumbersome and lead to having many extraneous vaults. I'll share this information with the team, but can't promise if or when any of these features may be implemented.

    If you have any other comments or requests to share, please let me know.

    ref: IDEA-I-1604
    ref: IDEA-I-179

  • mgjk
    mgjk
    Community Member
    Options

    @ScottS1P is there a feature request which we can wait on if this gets selected for development?

  • ScottS1P
    ScottS1P
    Options

    Hi @mgjk,

    1Password doesn't currently have a system to notify you when a feature request is being implemented. if you'd like to watch our release notes page, it does announcing new changes when they become available. Beyond that we're not able to comment on plans and timelines for feature requests.

    I hope this helps.

    Thank you,

This discussion has been closed.