To protect your privacy: email us with billing or account questions instead of posting here.

Feature Request: Managed Password Entries / Copies, Master Records, or Shortcuts

charlieholder
charlieholder
Community Member
edited February 2021 in Memberships

Within an organization/family it's not ideal to create Vault after Vault to create a collection/network of groups who need access to shared passwords. It would be much easier if I could create some kind of master record only editable by me (or anyone else in the Vault which contains the master) and allow this entry to be shared into other Vaults as read-only.

I'm sorry if this has already been suggested somewhere. I searched and could only find topics related to making Copies of an Entry when migrating Entries. There is one thread with a comment about a Linux beta test of something to do with Groups, but it didn't immediately seem like the same thing.


1Password Version: 7.7.1.BETA-6 (70701006)
Extension Version: Chrome Beta 1.24.1
OS Version: MacOS 10.15.1
Sync Type: Not Provided

Comments

  • williakz
    williakz
    Community Member

    Are you suggesting that member access permission should be held at the individual entry level within vaults rather than, as now, at the vault level affecting all entries within? If so, that seems like it would be a major change in 1Password's structure as well as to sundry display/modify screens.

  • charlieholder
    charlieholder
    Community Member

    A little, but not as a whole at all. If an Entry is shared into multiple Vaults to have some different properties for maintaining it. Instead of creating distinct copies being able to maintain a single source and add it to multiple Vaults.

  • williakz
    williakz
    Community Member

    Sorry, not clear on what you have in mind. Either entries carry their unique permissions into whichever vaults they live (depending on degree of coupling per "move" or "copy") or a given vault determines specific user access to all its contents. I don't think there's any middle ground at present.

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @charlieholder!

    It would be much easier if I could create some kind of master record only editable by me (or anyone else in the Vault which contains the master) and allow this entry to be shared into other Vaults as read-only.

    If I understand your question correctly, this is already available in Business accounts: you can create custom grounds and permissions in Business account, and assign read-only permissions to certain users there.

    Use custom groups in 1Password Business

  • charlieholder
    charlieholder
    Community Member

    I don't think there's any middle ground at present.

    @williakz, right. I'm looking for a little middle ground where there are not unique entries in each Vault and the permissions are not determined by the Vault.

    Hi @ag_ana, this seems to be more at the User level whereas I'm suggesting something more on the Password Entry level.

  • ag_ana
    ag_ana
    1Password Alumni

    @charlieholder:

    Understood, thank you for the clarification :+1: In this case, at the moment there is no way to assign permissions to the specific items, only to the vaults, that's correct.

  • charlieholder
    charlieholder
    Community Member

    @ag_ana Now that I think about this a little more, permissions for a specific item could be one way to approach it, but that wasn't my initial ask. (Just to clarify.)

    If I have an Account on a video hosting site like Wistia, the Marketing Team and Training Team need access to upload videos. I don't want to put the Password in the Marketing Vault because Training should not have access to everything else. Same is true in the opposite direction. I would end up with a Marketing+Training Vault and maybe 1 Password (hehe) in there. The permutations of possible Groups who might need access to a Password could become very bloated and harder to manage long term.

    If the Marketing "owns" the login, maybe I also don't want Training to edit it (even accidentally). But if I was owning the Wistia Password in my Marketing Vault and then chose to share that one Entry into the Training Vault (without creating a distinct copy), it would keep me from creating more Vaults and still manage a single source of truth.

    I understand there are some things to think through related to how Vault access/permissions work.

    I just wanted to clarify one more time it's less about the permissions for accessing Vaults and more about how many places the Passwords can be accessed without also having to create distinct copies. The Custom Groups functionality for Business Accounts (I think we are on Teams) could be useful if applied to specific Passwords. I still think there would be things to think through thoughtfully with respect to individual Passwords/Vaults. More granular permissions for Passwords is related, but not the ultimate ask from me. But I leave it up to 1P to always determine the best way to solve a challenge. I'm just trying to clarify the situation.

    Thanks!

  • williakz
    williakz
    Community Member

    @charlieholder, now you're noodling the problem. I'll be interested to hear what the 1Password folks have to say. They, like you, are a bit between a rock and a hard place wrt 1Password Families and Business/Teams. Decontent Families too much in the individual direction and it won't meet user (family) needs. But beef it up too much in the Business/Teams direction, and it could easily cannibalize those high-end package sales.

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for the suggestions and for the clarification @charlieholder! I will be happy to pass this to the rest of the team :+1:

This discussion has been closed.