Granular permissions within the vaults

Maybe I'm missing the feature, but it would be very helpful if we could give granular access to items within a vault to specific users and/or groups of users.

If this feature is already available please advise. Otherwise the only work around that I see is to create multiple vaults.

We have vaults setup for each of our customer accounts, but some instances we we do not want level 1 technicians to have access to all credentials associated with that customer. Rather than create multiple vaults for the same customer or combining services, ie Firewalls, databases, etc., for all customers into a vault we would rather give granular access to members having permissions to the customer vault.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hi @bbates7995,

    Thanks for taking the time to write in. You're not missing the feature. The way to do this currently would be with multiple vaults, as you've mentioned. I think we're going to have to think about that scenario some more, and hopefully be able to come up with a solution that would work nicely for it. It's certainly an interesting use case.

    Cheers.

    Rick

  • bbates7995
    bbates7995
    Community Member

    Thanks for the feedback Rick.

    The multiple vaults solution works but can become overwhelming quickly.

  • We'll definitely keep this in mind and see if we can maybe do something better in a future release. Let us know if you have any additional questions.

    Cheers.

    Rick

  • jon4spark
    jon4spark
    Community Member

    I second this suggestion. In some cases for us it would almost be a one-password-per-vault workaround, or one-vault-per-user with some items needing to be duplicated across more than one vault.

    Another nice-to-have at some point would be the ability to set up vault access based on LDAP group membership, but that's for another thread. :)

    Thanks for listening. Keep up the great work!

  • Thanks for the additional information @jon4spark. LDAP integration is something quite a few companies have requested, it certainly would be really cool to have that tie-in.

    Cheers.

    Rick

  • bbates7995
    bbates7995
    Community Member

    LDAP would be a FANTASTIC addition! It would also keep 1Password in pace with your primary competition LastPass ;)

  • Haha, thanks for the vote, @bbates7995! We are pretty new to this space, so our heads are brimming with ideas, but it'll take some time to get everything implemented, especially the complex enterprise-ish features. We're starting simple and cautiously increasing complexity as we need to.

This discussion has been closed.