1Password on Mastodon

Remove permissions of all users from all vaults via script

Community Member

Hello dear Community,

due to an incident at our company, I need to remove the export function of passwords for all users and unfortunately users were mostly assigned to vaults individually and not in groups (this will definitely be changed).
I'm new in 1Password CLI and since a few days I'm trying to create a script that changes permissions of all users in all vaults.

The user that runs the script has Owner permissions and we use 1Password Business.
However, when I run the script, it only removes the permission from the script running user in just the Private vault.

I am stuck at the moment and have no idea what to change. Please, can someone give me a hint what I am doing wrong?

Many thanks and greetings

# Get list of vaults
vaults=($(op vault list --format=json | jq --raw-output '.[] .id'))

# Loop through vaults
for vault in $vaults
  # Get list of users for the vault
  users=$(op users list --vault $vault --format=json | jq --raw-output '.[] .id')

  # Loop through users
  for user in $users
    # Grant new permissions to user
    op vault user revoke --user $user --vault $vault --permissions export_items,print_items

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file