User Role/Group Management
It took me a bit to see it, but I'm able to set users as Admin, Owner, or Recovery in the UI, but I have no way to say "Show me everyone who is a ". It'd be great to have this, and the ability to add several administrators at once.
Further, I'm not able to see what the differences between these three groups are. What can an Owner do that an admin cannot? What can an admin do that a member of the recovery group cannot? Is there overlap? If I'm an owner am I also an admin and in the recovery group? And how does being an owner or an admin differ from being a vault manager?
From what I can find, there's very little about these roles in the available documentation. Ideally I'd be able to get some help on these questions directly from the admin console.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
0
-
Not really. It doesn't mention "owner" at all. It does metnion the admin role saying that they can create new vaults, but surely there are other permissions?
0 -
I tried to find it in our docs and I couldn't. We'll make sure it is fixed asap!
The owners will be responsible for billing. Owners will also be able to close the account (once we have it implemented).
The admins can create new vaults, invite, and approve new members.
The recovery group members can recover other user's accounts.0 -
We also discovered that only owners can make new admins (or even recovery group members). Is this correct?
0 -
Yes, you are absolutely correct! Only owner can manage admin and recovery group members.
0 -
Owners have all admin functions right? And admins have all recovery functions? Is there any reason that I, as an owner, would need a separate admin or recovery account? Thank you.
0 -
It is possible to be an Owner but not have access to Admin or Recovery features. The team could have multiple owners and some owners might not be interested in team administration or recovery.
0 -
For me there should be the possibility of segregation of duties. Admins should be allowed to have Access to vaults by default.
For me there should be a Vault Owner (2nd Owner too) and the Vault owner is the only one who grants access to the Vault. The Admin first creats an empty Vault and give right to an owner. Also the owner should be able to give rights to groups of users. There Should be a Group Admin and so on.The concept behind it is that all Information (e.g. passwords) belongs to an accountable Person who owns that Information. And this Person (Role) should be the only one to grant access.
Currently I've access to all Vaults (I'm creator of Team Account) and even if I get removed from Vault I have Access To it. I wont like to have this rights.
And it would be nice if a admin user is in the first place handeld as regulare User and just if you want to get Admin rights you ask for it. This process should be logged.
To have 1password4team in companys the should comply to Information Security Management Systems.
RanDom
0 -
I am pretty sure 1Password for Teams could handle what you just described.
Currently I've access to all Vaults (I'm creator of Team Account) and even if I get removed from Vault I have Access To it. I wont like to have this rights.
If needed, the second admin can create a vault that you do not have access to.
0
