Missing Login not in Trash
A login from a team vault disappeared sometime between last week and this morning, and it's not in the trash. We don't have any backups. We did recreate the item, but I'm wondering if there's some kind of audit capability that would allow me to trace who/what/where/when etc.
1Password Version: 6.6.2
Extension Version: Not Provided
OS Version: 10.12.13
Sync Type: Not Provided
Referrer: forum-search:missing login item
Comments
-
Hi @zaycon_michelle - Thank you for reaching out to us. By design, we don't have the ability to view any data. We can only see the number of items within a vault. You can check the Activity Log under the Admin Console which might give you a clue as to which team member accessed a specific vault or made a change. I'm wondering if a team member accidentally moved the item over to their Personal vault in error which would make sense if you can't locate it. Personal vaults can only be accessed by that specific member.
You can also add a permission to any Shared vault preventing team members from moving items to the trash -
https://support.1password.com/teams-admin-getting-started/#understanding-basic-permissionsSorry for not having a better answer to your question and let us know if we can be of any further assistance.
0 -
This brings up an interesting question. I protect some of my group vaults from user mistakes by allowing them to "move items to trash" but not to "empty trash". The idea is that if they mistakenly or maliciously delete a crucial entry I can find it in the trash. If they change an entry I have the revision history. Once a week I review the trash and history logs to make sure nothing funny happened. But in this set of permissions can a user bypass my protection by moving the item to their personal vault, without a trace?
See screen shot for how I have it set up.
0 -
Hi @hesspaul,
If you want to protect against a user moving or copying the item out of the vault, you should remove the "Share items" permission under Client Settings.
A move of an item is really a copy + trash of original. So if they were to move the item to their personal vault, the original item would still be in the trash of the original vault. Since they don't have access to empty the trash, you would still find it there.
Does that clear things up?
Rick
0 -
Thanks @rickfillion. It sounds like my current setup is exactly what I need. In my case I'm not trying to prevent copying, only destruction.
0 -
Perfect. Sounds like this will do the trick then. :)
Rick
0