Shared private vault

Hi.

My question is about access rights. We are a "family" company. Ours emploeye are sometimes husbands.

Each emploee has own Private vault and rights to some shared Vaults. But husbands need something like "shared private". Vault with rights only for them, not for owner or other team members. Only they will be the owners of this vault. With all the risks.

Is possible disable owner rights to some Vaults? Or will it be possible in the next version? Thanks.


1Password Version: 6.8.496
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • brentybrenty

    Team Member

    @Ludvik: This isn't something that is possible with 1Password Families, since, as you can imagine, we've designed it for families and not businesses. You can, however, easily switch to a 1Password Teams plan which offers more granular sharing permissions and support for roles and groups:

    Create, share, and manage vaults in your team

    Let me know if you have any questions! :)

  • LudvikLudvik
    edited March 2018

    Even teams have families. :-)

    I'm in trial version Pro plan. I understand permissions (I hope). I am network administrator, programmer, and sometimes user support in our network :-)

    But Owner permission is global and have posibility to change permissions - and view passwords in this vault. It is ok in team, but not in situation what I discuss.

  • brentybrenty

    Team Member
    edited March 2018

    @Ludvik: Oh, totally. We do too! And some of us here at AgileBits also have family members — spouses, siblings — who work for the company. But we're not using a 1Password Families plan for AgileBits; we're using 1Password Teams because it fits what we're trying to do here — and it sounds like that's the case for you as well. ;)

  • BenBen AWS Team

    Team Member

    @Ludvik

    Just to clarify, as I’m not sure we’re on the same page, what level of 1Password membership are you using? Are you using 1Password Families or 1Password Teams?

    Ben

  • I'm in trial version TEAMS Pro plan. Sorry.

    I write to thread about the team, I thought it was enough.

  • brentybrenty

    Team Member
    edited March 2018

    @Ludvik: No need to apologize. Just helpful to make sure we all understand each other. My fault for muddying the waters.

    To be clear, what I'm suggesting is not storing personal (i.e. non-business stuff) in a business account with 1Password Teams if you don't want it to potentially be accessible to the team admins. But you could also use the Private vault for stuff that the admins should not need to access, as it will never be available to them.

    But for legitimate family/personal stuff, I think it makes sense to have a separate account. I use 1Password Families as well because I don't really think that AgileBits needs to pay for or have access to stuff I use only with my family. Does that make sense?

  • It make sense ... but only a little.

    For me does not make sense having two membership. Price is relatively high for home users in east Europe (Chrome is free) ... and this is not only one "problem". The more accounts, the more chance that I make a mistake somewhere. The more accounts, the greater the confusion (maybe not for me, but for BFU yes).

    Changing the owner in one particular vault would solve this problem ... But of course I know nothing about your cryptography. May it be dificuilt or impossible. But it is idea.

    Individual users may sharing between too. And number of accounts combinations rise rapidely. Every group may need own (Team in work, Family at home, Team for user Adam and Eve, Team for Adam and Kirk, and so on). It's probably a marginal matter, but that need may be.

  • brentybrenty

    Team Member

    It make sense ... but only a little.

    @Ludvik: Well, that's a start. :)

    For me does not make sense having two membership. Price is relatively high for home users in east Europe (Chrome is free)

    To be fair, Chrome isn't free. Google's core business is just advertising, so they make money when you use their browser on the web. We only earn a living by having people pay us for our work...and if we gave you multiple account types in a single membership plan, we would only be getting paid for the work we put into one of them.

    ... and this is not only one "problem". The more accounts, the more chance that I make a mistake somewhere. The more accounts, the greater the confusion (maybe not for me, but for BFU yes).

    But this is a really good point.

    Changing the owner in one particular vault would solve this problem ... But of course I know nothing about your cryptography. May it be dificuilt or impossible. But it is idea.

    You can find more details about our security model in our security white paper, but the long and short of it is that we could do what you're suggesting but it would be 1) a lot more work and 2) only a facade, as the team owner still necessarily has the keys to be able to change vault access even if they don't have "permission" to do so in the UI. This wouldn't be much different than doing what you're doing now and using the honor system to have the owner promise they won't do that, so it isn't something we plan to offer. The best way to have separate ownership is to have it enforced cryptographically, and the only way to do that is with separate teams/families.

    Individual users may sharing between too. And number of accounts combinations rise rapidely. Every group may need own (Team in work, Family at home, Team for user Adam and Eve, Team for Adam and Kirk, and so on). It's probably a marginal matter, but that need may be.

    Oh absolutely. And that's why my suggestion was just that: a suggestion. You're free to use a single account, as many people do. But along with the cost and complexity savings are the limitations of the single particular plan you choose there. I haven't heard of anyone else trying to do what you're doing, but I think it's fairly common for spouses to share a single individual account. That's also totally fine, so long as they're okay sharing everything. It's no different with a team: as long as you're okay mixing work and personal, you can use it for both. But not everyone is okay with doing that, which is why we took the time to build 1Password Families and individual 1Password.com memberships as well in the first place.

This discussion has been closed.