Different users for same vault

tsm_100

Our work organisation as 1P on multiple computers, where all users login to the 1 Vault to access the secure data.
We have different divisions: "Admin", "Developers", "Project Managers etc.

Instead of creating a different vault for each division (so non-admin staff can't access admin type data) and the person needing to remember which Vault to save/search for an entry, is there anyway to create different user access for a Vault?

e.g 1 Vault, but depending on who has logged in, or a setting Project Managers won't see admin type data?

Thanks,
Andrew

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

littlebobbytables

Hi @tsm_100,

Unfortunately there isn't. I can see what you'd like and I can definitely understand it from an enterprise management viewpoint but currently this isn't something 1Password can do. I shall make a note of your interest though as we try to do for every feature request. For the moment the only approach would be as you have already surmised, separate vaults per required group.

Another popular request is a more unified view of the vaults so that the user doesn't have to remember which vault an item is in. I shall add your interest to that existing feature request too.

I apologise I couldn't supply a more positive answer in terms of a solution for your situation.

ref: OPM-1644

tsm_100

Thanks @littlebobbytables for the quick reply!
I didn't think this functionality would be currently available, but that current ticket for a better view of all vaults would help a lot as you might have a visual representation + heading for each vault and can easily and quickly see which one you want to open.

littlebobbytables

Hi @tsm_100,

I don't know what the final approach will be but one thought was that 1Password mini would simply display viable options from all vaults, a bit like how the iOS Safari Extension copes with multiple vaults on iOS. As I say, a final approach hasn't been decided on. If we use the iOS Safari Extension as an example though, it shows you each Login along with the username below the title to help distinguish each one. The one image I can find highlighting this is a bit spartan so here's one I've just taken.

Was something like this, but obviously more modelled for OS X what you had in mind or would you see a usefulness in knowing which vault an item belongs to? Given you've gone to the trouble of posting in the forums to ask about this I want to make sure I understand what you would like to see so I can add it to the request.

tsm_100

Thanks @littlebobbytables

If we had different vaults it would be so that only specific people could see the contents within one vault. e.g a "Developer" vault would list all website login details, ftp details, CMS details etc... but then a "Manager" vault would list service logins such as payroll, bank account, credit card details etc.

Each vault would have a different password so that a developer couldn't access the Manager vault, unless they had the password. The annoyance with this is that a manager/project manager might need access to all vaults, and would have to keep signing in/out of 1 vault to go to another vault and wouldn't know potentially which vault the data is kept in.

I believe the best outcome would be you could set the vaults up how you wanted (e.g 1 or 10 vaults), and then you setup accounts and can assign an account to 1 or more vaults. So instead of logging into each individual vault to search for the data, you log into an account, and all linked vaults that that user has access to are shown.

So you might have a developer, manager & project manager login. And you have an ftp vault, company data vault, general website login vault. The dev can only access the ftp vault, but the pm can access all vaults so when they sign in all data is displayed pretty much like your screenshot, or how a typical vault displays. All data is there. I suppose if you create a new entry you need to know which vault you're making it in though so it is saved for the relevant people...

Hope that helps. A little complicated sorry.

AGAlumB

@tsm_100: Thanks for elaborating! Obviously this isn't possible, since 1Password isn't 'account-based'; there simply isn't anywhere for the 'manager' to authenticate to prove that he or she is entitled to access certain vaults. It's certainly an interesting idea though, and it's always good to get quality feedback from users to help us understand how people actually use 1Password, and also how they'd like to. Much appreciated! :)

tsm_100

Completely understand @brenty. Happy to provide any more UX/workflow examples if it is something that moves higher on the ticket list.

Drew_AG

Thanks so much for your feedback & examples, @tsm_100! This type of thing seems to be gaining popularity as a feature request, so hopefully we'll have a better solution for you at some point in the future. We really appreciate your input on how you'd like it to work and how it would help you and your organization! :)