Vault Permissions is not displaying the cog wheel
When I go to apply security to different vaults and I hover the mouse over the team member I don't get the little cog wheel to adjust their security privileges.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Vault Permissions is not displaying the cog wheel
Comments
-
I noticed the same issue when I first signed up, but after looking into it, I'm pretty sure this is one of the differences between Families and Teams. I'm sure somebody from AgileBits has already said it in another thread, but basically you won't get granular permissions for "Families" accounts — in fact, I don't think you can even set a vault to "read-only" at this point, which is even more bizarre as it kind of goes against one of the use-case scenarios that Dave highlighted in his announcement email, but they're also listening to feedback so maybe it will be implemented eventually.
0 -
Thank you for your comment, I am not sure what the difference is between a Family and Team is but there really shouldn't be any that's for sure. Families and Teams are basically the same thing and we need a way to secure the information in these vaults. My younger kids don't understand security and if this is being marketed as a family product we need the ability to have full security privileges available.
0 -
Hi @SKreisberg,
Of course there will be differences between Teams and Families; otherwise why offer two separate services? :) If the feature set of Teams is more attractive to you than those offered by Families you are welcome to create a Teams account for your family. One of the goals behind Families is to provide a more simplified (and less expensive) offering than Teams. We do not have any plans at this point to bring the full scope of vault security permissions that are available in Teams to Families, but we are considering adding the ability to grant read-only access to a vault to Families.
Currently Specific differences between Teams and Families are:
- Families is less expensive (5 users for $5 instead of $25).
- Teams is priced per-user (more flexible for companies).
- Teams has fine-grained permission control.
- Teams has more advanced management capabilities.
- Teams will support custom groups.
- Teams has more storage, more days of item history, more guests. Bigger numbers in general.
As the services grow they will be more differentiated, with new features specifically intended for families.
Thanks!
Ben
0 -
@bwoodruff Thanks for this detailed post & your general on-going patient and very clear answers. And, if you're collecting customer votes I'd love to see a Read Only feature for Families. I'm up and running already after using 1P for years and this would just be a perfect feature for me.
0 -
Thanks Ben, to be honest I didn't even know there were two different products. I would have no desire to pay $25/month for my family to sue 1Password. I have been using 1Password for well over six years and very familiar with the product line. I like this idea of the family plan a lot but I hope you understand we need to protect our younger family members from doing silly things that they just don't understand the ramifications. Read only would be a start but I would really like to see you simply add the ability to customize the security just like you do in Teams I don't think it will cause a bunch of confusion nor do I see it a $20/month feature add.
Thanks again
0 -
I'm with @SKreisberg on this one as well, and to be honest I was surprised that even "read only" wasn't an option, considering that the launch email from @dteare listed What if I share passwords with my family and they delete them by accident? as one of the use cases, which clearly isn't possible in Families right now.
That said, I can't see the need for completely fine-grained permission control in a "Families" environment, so I think it's totally fair if they want to keep Teams more advanced to distinguish it (and, frankly, to keep things simple for typical "Family" type users). Personally, I think basic Read and Read/Write would do for most use cases, with "Export" and "Manage" being automatically granted to Owners, but not really necessary for anybody else. I guess one could argue that variations on "Export" could come along with Read and Read/Write, but I guess that's more open to debate.
Ironically, the problem right now is that Owners appear to get Read/Write/Manage on the Shared vault, but not Export, unless they're specifically added by another Admin, which in turn grants them "Full Access."
Ultimately, I think the whole process of simplifying the permissions in Families has actually created a bit of a mess right now, so I look forward to seeing this get simplified. I guess AgileBits can't exactly start with the granular controls and then later take them away, but if that was going to be the case, the permission structures should have been better-defined before Families was rolled out.
0 -
@iamecho You're most welcome! Thanks for the kind words and for the vote for read-only mode.
@SKreisberg Yes, while Teams and Families are built around the same infrastructure (and use the same client apps) they will have different offerings and are marketed toward different groups. I wouldn't expect many families would need all of the features of Teams, but that option is available (at the Teams rate) for those who are. I could definitely see us adding the optiton to have read-only permissions for Families but it is likely that all the extra permissions customizations will remain a Teams exclusive.
Thanks for the continued feedback!
Ben
0 -
I think some level of permission control is a must, also for families.
One might want to set up a shared vault with limited write access so family members can create new items but can't delete anything. Even better would be that members could read/write/delete their own items in a shared vault, but only read items created by other members.
At the very least, simple read-only vaults should be possible IMO.
Frank
0 -
Can I create a shared vault but NOT have ALL family members see it? I'm not seeing a way to do that.
We REALLY do need the ability to restrict specific family members from a vault. It can be an all or nothing thing if needed. I just want to have a shared vault for my wife and I and NOT allow my mother (who lives with us) to see/share/use that vault.
0 -
@jFred Of course. :) In the Families web interface, create a vault by clicking your family name in the top right, then Admin Console, then Vaults, and clicking the blue
+
button. You should be the only one on this vault — other owners on the account will have manage access, but will not be able to access what's stored in the vault unless you click Manage Access and give them access to it. So long as your mother is not an owner, there's no need to worry about her having access to the vault. Hope that helps!0 -
I can fully understand the need to offer two tiers of complexity/pricing. But I must say that a read-only capability is the most obvious requirement for a family account.
I am trying to educate my daughters of the wonderful resource that the web can be, hand-in-hand with the fundamental security know-how that web users must understand. I have set them up with their own vaults and want them to take some level of responsibility for managing their increasing presence on the web. That being said, I would hate for them to accidentally delete or modify something and lose confidence in using the internet as a repercussion. A read-only capability would prevent that scenario and was the first feature I would anticipate in a Family orientated offering.This kind of leads me into a related question... now that our vaults are "online", what is the best backup strategy for vaults? I use Time Machine and Carbon Copy Cloner and also Backblaze online backup, but I am not sure where local copies/caches of the vaults reside on my local disk (if anywhere).
I would not expect Agile Bits to provide guaranteed backup (else I am sure you would have touted it as a feature of Teams/Families), but for my own peace of mind I would like to understand a little more about this aspect of data management.
Thanks for a great product, but please implement the read-only feature ASAP!
0 -
@penderworth. Ok, I kinda see what you mean.
Still confused though. When I go to the vaults screen and click on the vault in question, I then see the screen with a list of "people". In that list, I have "manage access", myself and my wife with full access, and my mother with read,write and export. At the top of that screen, right under the vault name, it says that "items in this vault can be seen and edited by ALL members of this team". So that is either true and not what I want, or wrong and confusing.
Does that all make sense?
0 -
@MortalWombatUK, I understand where you're coming from. I'll pass on your feedback here to our development team for their consideration :)
@jFred, I think I understand what you're saying, and it seems consistent with the current "all or nothing" permissions we have in 1Password Families. Please let me know if I misunderstood :) I'll add your feedback to MortalWombat's!
0 -
Ok, now I understand.
The All or nothing concept probably needs a rethink. There are different "groups" within a family. I feel that we need the ability to remove some family members from vaults. For example, If I want to share sensitive passwords, such as banking, with my wife, but not the kids.
Just a simple check box for each vault so that we can enable or disable family members from seeing/accessing the vault.
Make sense?
Thanks!
0 -
Hi @jFred,
Oh, I understand now! You can currently create new vaults and invite only some people to them. There is currently no way to more granularly control access, though.
For example: I'm the owner of my Family's account. My husband and I share a vault of travel information, and he can see passwords, modify items, and add new items to that vault. There's no way for me to restrict his account so that he has read-only access or can't see passwords. I can add our parents to that vault at any time so that they have full access, and I can remove them when it no longer makes sense for them to have access.
I hope this makes things clearer :) Please let me know if I muddied things instead.
0