[Suggestion and Questions] Confusion on the full scope of permissions for "Family Organizers"

joykm
Community Member

Let me first start off by stating I think I knew the answer to this at some point but now I can't find that information (hence why I've included a suggestion for easier access to this information at the end of the post). Also if there is already easily accessible information regarding this, please link me to it as I was unable to find it this morning.


I'm the creator of the 1Password account. I'd like most of my family to be family organizers for the ability to recover locked out accounts.

However, that permission states the following: "Can manage billing, people, and vaults". If I've missed an already available resource, please link me there so I can bookmark it for future reference. Also see my suggestion below for easy access at the point of granting permissions.


Questions regarding privacy between family organizers and privacy from the account creator (myself)

  1. My primary concern is around privacy of shared vaults. Currently I've only granted myself and my Mom family organizer status. We have a shared account between ourselves with some sensitive information my other family members do not know about. If I grant my brother the status of "Family Organizer" will he have knowledge my Mom and I share a private vault between each other, and if so, will he have any visibility into that vault or the ability to add himself to the vault?

  2. And trust goes both ways. As the creator of the Family Account will I have any knowledge of, visibility into, or ability to add/remove myself and others to those private vaults I was not explicitly added to in the first place?


Questions regarding the potential for family drama and perhaps catastrophe

We'd all love to fully trust our families, but sometimes poo hits the fan you know? I'd like to know the potential of catastrophe in a Family Account. Below is an example situation.

Situation assumptions:
1. Everyone is using 1Password properly as designed. There is obviously risk of privacy breaches and information leakage if people share their personal account with someone else.
2. For the situation, let's assume a Family Organizer can promote additional Family Organizers, as well as a Family Organizer can act in bad faith.

Situation:

  • I am the creator of the account. I add my mother and my brother as Family Organizers because I fully trust them. My brother gets married and adds his wife to the account which is perfectly ok. He makes her a Family Organizer as well to share some vaults between each other (let's assume this is possible and I am unaware he made the change). My brother and his wife have marital issues unknown to the rest of us, and his wife takes over the account and removes everyone including myself from access... or worse, she adds herself to private vaults she was not explicitly invited to and saves private information between family members as a form of retribution.
  1. Can a family organizer promote additional Family Organizers?

  2. Can a family organizer remove people from the Family account? If so can they remove other family organizers from the account?

  3. Does an account that has been promoted to family organizer essentially have full admin access similar to myself? Can they act in bad faith and take over the family account as detailed in the situation above?


Suggestion on making this information easily accessible and easily digestible

Lastly, if there is a permissions comparison chart (similar to the compare function while shopping for pc monitors) I would love to see it. If there is not, I would suggest one be added with an easy link provided: See attached photo for reference.

Thank you!



Comments

  • joykm
    Community Member
    edited August 2022

    Ugh... it seems my last post deleted into the nether? It's not showing up on created discussions or drafts. Delete this if it's a duplicate.

    I also think I knew the answer to this question when I first purchased a family plan, but I can't find that info again (I thought I posted the question here but my account reads 0 discussions posted... perhaps account issues? Idk.). If there is already easily accessible information for this, please link me to it as I was unable to find it. I've included a suggestion at the end of the post for this information to be easily accessible and visible, as well as easily digestible.


    Differences between Creator Account and Family Organizer accounts?

    1. Does the creator account have more privileges than Family Organizer accounts? Or once promoted, do Family Organizers essentially have admin privileges?

    Questions about privacy between shared vaults and Family Organizer accounts

    1. I am the Family Account creator. I've shared a private vault with my Mom containing sensitive medical information my other family members are not aware of. If I promote my brother to Family Organizer, will he have any knowledge of this private vault, or ability to add himself or others to the vault?

    2. Trust goes both ways. As the creator of the Family Account, will I have any knowledge of or ability to add myself or others to privately shared vaults that I was not explicitly added to?

    3. Is there any documentation I can share with my family on this so that they can trust the family account? They are hesitant to join because they are not sure what other members can see in the account (especially what I can see as in their mind I have "God mode" being the creator of the Family Account).


    Questions about ability for a Family Organizer to act in bad faith and cause catastrophe.

    1. Can a Family Organizer remove my access to the account or my ability to demote Family Organizers back to Family Members?

    2. Can a Family Organizer promote Family Members to Family Organizers?

    3. Can a Family Organizer invite new Family Members?

    4. Can a Family Member invite new Family Members?

    I'm trying to determine what the risk is of a Family Organizer acting in bad faith. A realistic hypothetical scenario is my brother inviting his future wife to the account and promoting her to Family Organizer (something that on the surface isn't an issue). They then have marital issues unknown to myself or other Family members, and out of spite she either locks everyone including myself from the accounts, or worse, steals private information from privately shared vaults she shouldn't have access to (depending on the answers about privacy above).


    Suggestion (with attached image as an example)

    Currently we see this:

    Family Organizer

    Can manage billing, people, and vaults, and can recover accounts for locked-out family members.

    This is too ambiguous.

    • Can Family Organizers see the billing address, expiration date, and last 4 digits of the credit card of someone else’s billing information?
    • What does “manage people” encompass?
    • What does “manage vaults” encompass?
    • What kind of access (if any) does recovering an account entail?

    My suggestion is to make a table that breaks down and compares the permissions of Family Creator, Family Organizers, and Family Members similar to comparing computer monitor specs online.


    | Privileges | Account Creator | Family Organizer | Family Member |
    | --- | --- | --- | --- |
    | View current billing information attached to account (including address and cc information) | Only if self entered | Only if self entered | No |
    | Change billing information on the account | Yes | Yes | No |
    | Inviting new Family Members | Yes | Yes | No |
    | Add additional Family Member slots (increasing the price of account) | Yes | No | No |
    | Promoting Family Members to Family Organizers | Yes | No | No |
    | Demote Family Organizers to Family Members | Yes | No | No |
    | Remove members from account | Remove Family Organizers & Family Members | Only Family Members | No |
    | Create shared vaults? | Yes | Yes | No |
    | View shared vaults? | Only if explicitly added to that vault | Only if explicitly added to that vault | Only if explicitly added to that vault |
    | Add members to a shared vault? | Only if you are the creator of that vault | Only if you are the creator of that vault | No |
    | etc | etc | etc | etc |

    I'd also like to suggest making a link to this right below the page where you are allowed to change permissions so that the information is immediately accessible when it is needed and the information is easily digestible. See attached image.

    If you've made it this far, thank you!
    -joykm



  • reebs26
    Community Member

    Did you ever get a response from anyone on this?

  • Hi there @joykm

    There are a lot of questions in your post, so I'll come to them individually.

    Does the creator account have more privileges than Family Organizer accounts? Or once promoted, do Family Organizers essentially have admin privileges?

    No, all Family Organizers are equal. The metaphor for Family Organizer is that of "parent/guardian/grownup" etc.

    I am the Family Account creator. I've shared a private vault with my Mom containing sensitive medical information my other family members are not aware of. If I promote my brother to Family Organizer, will he have any knowledge of this private vault, or ability to add himself or others to the vault?

    Trust goes both ways. As the creator of the Family Account, will I have any knowledge of or ability to add myself or others to privately shared vaults that I was not explicitly added to?

    Yes to both of these. The only vault that family members can access where Family Organizers have zero knowledge or control is their own Private vault. Family Organizers can grant themselves access to any vault that isn't a family member's Private vault.

    Is there any documentation I can share with my family on this so that they can trust the family account? They are hesitant to join because they are not sure what other members can see in the account (especially what I can see as in their mind I have "God mode" being the creator of the Family Account).

    Anything they store in their own Private vault is inaccessible to anyone else. The question of "family member vs Family Organizer" comes about only when talking about other vaults, including Shared (there from the beginning), and any new vaults that anyone creates.

    If there is a question of trust, they can be assured that items in their Private vault cannot be seen by anyone else in the family, even Family Organizers.

    If there's an item they want to share in secret with another family member, they should use Item Sharing to do that: Securely share 1Password items with anyone. That item would be shared user to user, rather than going into a shared vault, where it could be (potentially) seen by a rogue Family Organizer.

    One of the best practices for security is the "principle of least privilege" – giving users just enough access to do what they need to do, but no more. It's for this reason that it's vital to limit the Family Organizer role to only those who are trusted. If a family member isn't to be trusted with the privileges that come with the Family Organizer role, I'd recommend keeping them in the "family member" role instead.

    Can a Family Organizer remove my access to the account or my ability to demote Family Organizers back to Family Members?
    Can a Family Organizer promote Family Members to Family Organizers?
    Can a Family Organizer invite new Family Members?

    Yes. All Family Organizers are equal in that sense, which is why it's so important to choose your Family Organizers well.

    Can a Family Member invite new Family Members?

    No, only Family Organizers can manage people.

    Can Family Organizers see the billing address, expiration date, and last 4 digits of the credit card of someone else’s billing information?

    Yes. All Family Organizers can manage billing for the whole account.

    What does “manage people” encompass?

    The "manage people" privilege includes:

    • add/remove family members
    • promote/demote family members to Family Organizer
    • add/remove guests
    • provide account recovery for another user in the family (but not themselves, hence why we suggest having more than one Family Organizer)

    What does “manage vaults” encompass?

    With the exception of anyone's Private vaults, Family Organizers can change anyone's access levels to any vault.

    What kind of access (if any) does recovering an account entail?

    The Family Organizer conducting the account recovery only has to approve the recovery of the other family member – no access to their account is involved. The locked-out family member requests a recovery when they try to sign in to 1Password.com, and they receive an email containing a link which, when clicked, starts the recovery process. A Family Organizer then needs to click Complete Recovery on 1Password.com to allow the locked-out family member to regain access, with a new Secret Key and account password.

    ====

    I hope that covers everything, but please let me know if you'd like clarification on anything or have any other questions. :)

    — Grey

This discussion has been closed.