Remove permissions of all users from all vaults via script

sebastianon1password
sebastianon1password
Community Member
in CLI

Hello dear Community,

due to an incident at our company, I need to remove the export function of passwords for all users and unfortunately users were mostly assigned to vaults individually and not in groups (this will definitely be changed).
I'm new in 1Password CLI and since a few days I'm trying to create a script that changes permissions of all users in all vaults.

The user that runs the script has Owner permissions and we use 1Password Business.
However, when I run the script, it only removes the permission from the script running user in just the Private vault.

I am stuck at the moment and have no idea what to change. Please, can someone give me a hint what I am doing wrong?

Many thanks and greetings
Sebastian

# Get list of vaults
vaults=($(op vault list --format=json | jq --raw-output '.[] .id'))

# Loop through vaults
for vault in $vaults
do
  # Get list of users for the vault
  users=$(op users list --vault $vault --format=json | jq --raw-output '.[] .id')

  # Loop through users
  for user in $users
  do
    # Grant new permissions to user
    op vault user revoke --user $user --vault $vault --permissions export_items,print_items
  done
done

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

This discussion has been closed.