Bug with Shared Vault -- View Only is NOT View Only
I believe this is a bug...
1) Click Admin Console -> Vaults -> Shared
2) Click Manage Access
3) Add a family member
4) Click the gear icon next to the family member you selected and select "View Only"
5) Confirm the user is now showing as set to "View Only"
...however this user can still edit items in the Shared vault, despite being listed as "View Only"
Additionally, I find it very confusing that if you next click Manage Access (in the Shared vault) and you uncheck the green checkbox next to the user which you added earlier, so they are NO longer checked, the user is then removed from the list of People. However, that user STILL has access to the shared vault. In other words, the shared vault is ALWAYS shared regardless of who is selected or not selected with the green checkbox under Manage Access. This is very poor UX as the admin just went through the motions of explicitly removing that user from the vault, yet they still have access.
I find this behavior very confusing and I believe that one of the primary goals of 1Password needs to be to not confuse the end user such that they accidentally expose information that they didn't intend to. Currently, while looking at the Shared vault screen, the only thing indicating that everyone can access the vault is the grey text that says "Items in this vault can be seen and edited by all members of [your name]." This, however, contradicts what is shown under the People section. The better solution is to replace the entire People section with that same text. Or even better, remove completely the idea of a default permanent shared vault, and instead force people to explicitly add members to each vault. This would be a much more secure solution.
Comments
Hey @natehouk
You are absolutely right, that is very confusing indeed.
The Shared vault is a vault that every Family Member has both Read and Edit access to. Having the People section with the Manage access button is absolutely redundant. In fact, as you mention, it is worse than redundant as it can make you think that you are limiting access to Read only when in fact they still have full access. This is clearly an error and we will get it fixed.
My initial reaction is to simply remove the People section from the Shared vault, or at least remove the Manage access button and replace it with the text as you suggested. Your suggestion on removing the Shared vault entirely is an interesting one though. I like the concept of the Shared vault as it is a convenient place to put things that everyone can access, including any new family members who are added. At the same time I can see it causing some confusion and becoming frustrating if you cannot remove it. I am not quite sure which way we will go, but we will fix the UI so it is less confusing.
Thanks for your feedback,
-Jeff
ref: B5-1243