Everyone vault permissions

Any plans to allow configurable settings for the "Everyone" vault? I wouldn't want everyone in the company to be able to edit or add items to the vault, but I would want admins to be able to add/edit items. For example, the guest WiFi password. I'm certainly fine with it having read permissions for all team members though.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • The team members are added to the Everyone vault automatically with the default permissions. It should be possible to change their permissions after they are added.

    At the moment, there is no setting that would allow you to configure the default permissions.

  • It should be possible to change their permissions after they are added.

    Thanks roustem. Could you tell me how I would remove write permissions for someone after the are added? I see the list of team members while viewing the Everyone vault, but unlike other vaults, there isn't a gear icon next to everyone's name to configure permissions.

  • You are right! I am sorry for misleading you, I am getting old and starting to forget things :)

    Looks like we removed this option to prevent removing people from the "Everyone" vault. We'll need to discuss internally if we could/should change that.

  • _pob
    _pob
    Community Member

    +1 to being able to disable the Everyone vault. I don't really want to enable folks to accidentally add secrets to the Everyone vault that was meant for a different vault.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Understood. It's definitely something we'll continue to evaluate. Thanks for the feedback! :)

  • redb
    redb
    Community Member

    :+1: This would be a great addition/change. If I wanted the same functionality, I would have to create a separate vault with the same name to get special permissions.

    Side note - as of now it was really to create a vault with the same name as an existing Vault. It would be cool to have an alert just making sure that I know what I'm doing when creating a vault with a name that already exists :)

  • Thanks for pointing that out, @redb. We shouldn't allow creating multiple Vaults with identical names. I'll open an issue so we can make sure this gets fixed up.

    Thanks again!

  • I am not sure we will be able to do this across the entire team, @dteare.

    All vault names are encrypted on the client and unless you have access to all vaults in the team, there is no way to tell that this vault name is being used.

  • thightower
    thightower
    Community Member

    Just completed setup on the team for my wife's work and her first question was Can we disable the everyone vault ? So add me err her to the list.
    We do use the everyone vault for our family team, so it can be useful in certain situations.

  • Thanks for adding your vote, Tommy. Given the number of people asking for this, it looks like we'll be adding a setting :) It will be nice to finally have some settings in our Admin Console – there's an empty tab just itching to have some content :D

    About duplicate Vault names, that's a good point @roustem. We can't enforce the uniqueness on the server side since everything is encrypted, and not all clients will have access to all vaults. Looks like we'll have to allow duplicate vault names after all.

  • redb
    redb
    Community Member

    @dteare @roustem maybe just a warning? Something like "Whoa now, it looks like you already have a Vault with that name. Double check you are using(or assigning it to) the right team." That coupled with "I understand, Vault ahoy!" and "Hmm...let me check" can only help the admins that have multiple teams.

    I don't know how easy that would be to do with your encryption methods, but from the layman's side it seems easier to have warning. Just spitballing!

  • @redb yeah, we could show some type of message if the user has an existing vault with the same name. It just wouldn't be fool-proof since we wouldn't be able to check the names of vaults that the user can't access.

  • everyonevault
    everyonevault
    Community Member

    Please add my vote for the setting to remove or disable the Everyone vault.

  • Hi, @everyonevault, nice name! :lol:

    We are indeed intending to remove the special handling for the Everyone vault in the near future. It will be part of a much larger set of changes to groups and permissions, so I don't know exactly when it will be done, but these changes are pretty much my top priorities at the moment.

  • jghogan521
    jghogan521
    Community Member

    +1 to customization/removal of access to "Everyone" Vault. We are moving to 1PW for Teams for one team first, then expanding to other teams within the organization. We will be creating Vaults for each team, but the "Everyone" vault will create problems for users choosing that instead of the appropriate vault.

  • Thanks for the vote, @jghogan521! It will happen for sure. It's moved off my top priority currently, but we'll get back to it shortly. :)

This discussion has been closed.