Shared Vault with revoked access is still visible.

DoctorBrown
Community Member
edited October 2019 in Families

I am a new Families user. I tried to find an answer to this, but couldn't find it. I have the one shared vault created when the main account was set up. I have two family members created. On one of the accounts, I'll call 'John', I removed access to the shared vault. But 'John' still seems to have access to the shared vault. I have logged off 'John' and locked the account and re-logged in. The member account still has access.

I then created a second vault to share. I allowed 'John' access. The vault showed up almost immediately in "John's" app. Then I removed access. The user's config on the Organizer's web access says: Vaults 0, This person does not have access to any vaults. 'John' could still reveal the password (but not use it) in an entry for a while after I removed access. I'm not sure, but it seems it lasted until 'John' changed focus to a different vault. The vault is still visible, and when I gave focus to that vault, you can see entries, but now you can't see any data in the entry.

The vault was removed from "John's" view once I edited access to the first Shared vault.

So it appears that for the first shared vault, you cannot remove access even though the Organizer's view says you can. Also, there is a delay in removing all access from other shared vaults.

What am I missing? The family member is running Win 7 Pro x64.


1Password Version: 7.3.712
Extension Version: 4.7.5.90
OS Version: Windows 10
Sync Type: Cloud

Comments

  • AGAlumB
    1Password Alumni

    @DoctorBrown: Thanks for reaching out!

    I removed access to the shared vault

    Can you tell me specifically what you did?

    Is there maybe some confusion due to having not removed the old standalone (local "On this PC") vault when migrating to the 1Password membership account?

    The user's config on the Organizer's web access says: Vaults 0, This person does not have access to any vaults.

    The only way that should be possible is if you invited them as a guest, which would give them access to only a single vault you expressly share with them. Otherwise, as a family member, they would always have their own Private vault, as that cannot be deleted. But that does not prevent them from having other (local) vaults completely separate from their 1Password account; that would be something they manage themselves in the app.

    So it appears that for the first shared vault, you cannot remove access even though the Organizer's view says you can. Also, there is a delay in removing all access from other shared vaults.

    Could you please clarify what you're seeing exactly? If it's simpler, take a screenshot of this. To include it in your reply, simply click the document button in the top of the comment field, and select the file you wish to share:


     
    Just be sure not to post anything sensitive, as this is a public forum. Thanks in advance!

    But to clarify, the default Shared vault in 1Password Families is accessible to everyone you invite:

    Share passwords in 1Password Families

    You can create other vaults though, and share them with some, all, or none of your family members:

    Create and share vaults

    Anyway, let me know, and we'll go from there. :)

  • DoctorBrown
    Community Member
    edited October 2019

    @brenty : Thank you for the quick reply. I would be glad to explain further.

    Can you tell me specifically what you did?

    Is there maybe some confusion due to having not removed the old standalone (local "On this PC") vault when migrating to the 1Password membership account?

    Prior to upgrading to Families, I had an individual subscription since Feb 2019. It has been working well. I was not using a standalone vault. On Oct 11 I upgraded to Families.

    In order to test and understand how Families works, I sent an invitation from the now Organizer account to another email address on a different computer. I acknowledged the invitation and set up the 'John' user on the other computer. As you know, the first Shared vault is created automatically. I populated it with some password items and went to the 'John' account on Computer 2 and verified that the user was up and running with a private vault and the Shared vault.
    Here's what I did:
    1. On the Organizer account I went to People, then selected user 'John'. I click 'Manage', then uncheck the box for Shared and click Update Vaults. File: 1P-Shot 1.jpg.
    2. Then I go to Computer2, Open 1P for 'John's account. You see 'John' still has access to Shared.

    The only way that should be possible is if you invited them as a guest, which would give them access to only a single vault you expressly share with them. Otherwise, as a family member, they would always have their own Private vault, as that cannot be deleted. But that does not prevent them from having other (local) vaults completely separate from their 1Password account; that would be something they manage themselves in the app.

    The screen shots are:
    1P-shot1a.png - Organizer view of 'John' Note the Vaults: 0
    1P-PC2-Johna.jpg - 'John's 1P app showing access to Shared.

    Let me know if this is clear. I will answer the other questions in next post. It's late.....

  • AGAlumB
    1Password Alumni

    Prior to upgrading to Families, I had an individual subscription since Feb 2019. It has been working well. I was not using a standalone vault. On Oct 11 I upgraded to Families.

    @DoctorBrown: Ah, that's really good to know. Thank you!

    I am not going to quote all the rest, but suffice to say those details are incredibly helpful -- even if I'm a bit bewildered still at this point. Let me frame it this way, to see what we can learn:

    The default Shared vault is created as part of the 1Password Families membership initially. It will show up like this if you view its description/details directly from Vaults in the 1Password.com web interface:

    Shared
    Everyone in your family can view and edit items in this vault.

    Below that, you won't have any option to change any permissions, as those are only available for user-created vaults. Consequently, if you view a user's profile in People, while you'll see other shared vaults listed there to modify their permissions for that user, you will not see the default Shared vault.

    So, either you deleted the default Shared vault and created a new one with the same name, or something has gone wrong.

    Can you tell me if any of that rings a bell as far as you making changes over time (you mentioned switching from individual to family, but were there others?), and if there are any other oddities you've encountered with your account?

  • DoctorBrown
    Community Member
    edited October 2019

    Yes, it is a bit difficult to explain it. I am certain I didn't delete and recreate the Shared vault.

    The default Shared vault is created as part of the 1Password Families membership initially. It will show up like this if you view its description/details directly from Vaults in the 1Password.com web interface:

    In the Web interface, in the Organizer account, I select People, then click on the 'John' account. Initially I am able to edit the permissions for the Shared vault from the 'John' display. I then click the Manage control. In the Manage Vaults pop up, I was able to uncheck the Shared vault. The salient point is this: When I click Update Vaults the display for user 'John' shows Vaults: 0
    I am able to change the permissions although it seems to have no effect. As you see from my screen shot, 'John' is a Family Member. If I log in to the 'John' account on another computer, I still have full access to the Shared vault. The issue seems to be in the Organizer account Web Interface.

  • DoctorBrown
    Community Member

    OK, now the second issue... I did a bit more experimenting....
    I created a second vault to share, populated it with two entries. On the second computer I had the 'John' user logged in to 1P app and Web. In the 'John' profile on the Organizer, I enable sharing. Almost immediately, the new vault showed up for user 'John'. (So far, so good.) Now while still monitoring user 'john', in 'John' profile in the Organizer, I click Manage and disable access to the vault and click Update vaults. The item in the vault that 'john' was viewing becomes disabled but remains visible, including Details and you can reveal the password. As soon as he clicks a different item in the vault, the details are no longer viewable for all items and the items are inactive. The list view of the vault remains visible until the user logs off the app.

  • DoctorBrown
    Community Member
    edited October 2019

    One more comment..
    I think you can improve the user profile in the Web UI. I think you can do away with the Manage button and the pop up completely. Where you see 'View & Edit' next to the tool icon, just say 'No access' or 'Disabled' in RED but leave the vault visible. You can do the exact function of the Manage Vaults pop-up by putting select boxes on the user profile screen and allowing multiple selection of the vault list.

    Would it be useful to have an Execute only setting? I understand that there may not be any advantage to it. The Execute only user could still easily reveal the password many different ways, i.e., cut/paste to a text editor.

  • AGAlumB
    1Password Alumni

    @DoctorBrown: Ah okay. I think I understand now. Let me know if this is correct:

    1. You create a new vault
    2. You share that vault with "John"
    3. "John" accesses an item in that vault
    4. You revoke access to it from "John"
    5. "John" is still viewing the item from earlier
    6. When "John" tries to view something else in the now-revoked vault, he can no longer access anything there, as expected

    One more comment.. I think you can improve the user profile in the Web UI. I think you can do away with the Manage button and the pop up completely. Where you see 'View & Edit' next to the tool icon, just say 'No access' or 'Disabled' in RED but leave the vault visible. You can do the exact function of the Manage Vaults pop-up by putting select boxes on the user profile screen and allowing multiple selection of the vault list.

    It's certainly worth considering. Thanks for the suggestion!

    Would it be useful to have an Execute only setting? I understand that there may not be any advantage to it. The Execute only user could still easily reveal the password many different ways, i.e., cut/paste to a text editor.

    I'm not quite sure what you mean by "Execute". Can you elaborate on that, and the use case?

  • DoctorBrown
    Community Member
    edited October 2019

    @brenty:

    5. "John" is still viewing the item from earlier

    While 'John' is still viewing the item, he can still reveal the password.
    7. But he can still see all the items in the middle pane in the list view.

    I'm not quite sure what you mean by "Execute". Can you elaborate on that, and the use case?

    They can use the entry to login, but they can't edit or reveal the password or see any other details.

    It's certainly worth considering. Thanks for the suggestion!

    Great! I prefer to limit the number of 'pop-up' panes (as compared to drop down selections menu), if possible. I noticed that the Vaults > Vault Details page has the same Manage pop-up behavior except it is for the users. Same behavior should apply there also.

  • AGAlumB
    1Password Alumni

    While 'John' is still viewing the item, he can still reveal the password.
    7. But he can still see all the items in the middle pane in the list view.

    @DoctorBrown: That makes sense. You've already given "John" access to the vault and its data, so it's cached in the 1Password app on the device until changes sync. That's how 1Password is able to function offline, and, frankly, be responsive even when online: having cached data. "John" or anyone else you've shared data with can easily save it outside of 1Password, or keep their device in airplane mode to prevent the data from being removed when syncing. But revoking vault access prevents them from getting further changes to data there.

    They can use the entry to login, but they can't edit or reveal the password.

    Ah, gotcha. Those are things we've added to 1Password Business due to demand from companies, with the caveat that this does not actually prevent someone from being able to see the password outside of 1Password. We don't have plans to add granular permissions to 1Password Families, but you can set shared vaults there to read-only to prevent them from being modified.

    Great! I prefer to limit the number of 'pop-up' panes (as compared to drop down selections menu), if possible. I noticed that the Vaults > Vault Details page has the same Manage pop-up behavior except it is for the users. Same behavior should apply there also.

    I don't personally have a strong preference one way or the other, but it's something we'll evaluate as we continue to evolve the 1Password web interface in the future. Cheers! :)

  • DoctorBrown
    Community Member
    edited October 2019

    One last question for now: :)
    If I delete the default Shared vault and create a new vault with the same name, will this one behave like the original Shared vault or will it behave like a second vault you can share with selected users? If you do this, can you restore a vault that behaves just like the original, and always be viewable and editable?

  • AGAlumB
    1Password Alumni

    @DoctorBrown: I think I initially misinterpreted your question, but since the answer is also interesting I'll address that as well after answering what I think your actual question is...if that makes sense. :lol:

    I think what you're asking is if the default Shared vault is replaceable. It is not. It has a special function unlike user-created vaults (all invited family members are automatically added to it), and when it's deleted it will not come back. Originally, for that reason, we did not allow it to be deleted. But customers gave us feedback that some family members were saving things they should not there (private stuff which really belonged only to them), and since the permissions cannot be modified we made it possible to remove it. Additional vaults can be created for sharing with one, all, or none of the other family members, after all. The default Shared vault is unique though, and not replaceable. So unless you really need to get rid of it, I'd keep it, and at least store the family Netflix account or garage door code there, if nothing else. :)

    The imaginary question I thought you were asking at first is if deleting a vault and creating a new one with the same name takes on the attributes of the original vault. I guess in some sense that is what you're asking, but I did want to clarify, in case it helps you or anyone else, that each vault has a Universally Unique Identifier (UUID), so even if the names are the same, they are completely separate and have unique encryption keys as well, which is what makes it possible to share one vault with a family member without giving them access to all your other vaults.

    As it happens, I have at least three vaults named "test" which are nearly indistinguishable. I should really clean that up. hehe
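
Added example, not part of the thread and not 1Password's code: a toy model of the two behaviours described in the replies above, namely that a client keeps showing cached vault data until its next sync after access is revoked, and that vaults are told apart by UUID rather than by name. The `Server` and `Client` classes, the user name and all item values are hypothetical and constructed for illustration; no encryption is modelled.

```python
import uuid

class Server:
    """Toy account server: vaults are keyed by UUID, never by name."""
    def __init__(self):
        self.vaults = {}  # vault_id -> {"name", "items", "members"}

    def create_vault(self, name, items, members=()):
        vault_id = str(uuid.uuid4())
        self.vaults[vault_id] = {"name": name, "items": dict(items),
                                 "members": set(members)}
        return vault_id

    def revoke(self, vault_id, user):
        self.vaults[vault_id]["members"].discard(user)

    def snapshot_for(self, user):
        # Only vaults the user is currently a member of are sent on sync.
        return {vid: {"name": v["name"], "items": dict(v["items"])}
                for vid, v in self.vaults.items() if user in v["members"]}

class Client:
    """Toy app: reads come from the local cache, which changes only on sync."""
    def __init__(self, user, server, online=True):
        self.user, self.server, self.online = user, server, online
        self.cache = {}

    def sync(self):
        if not self.online:
            return False          # airplane mode: cache is left untouched
        self.cache = self.server.snapshot_for(self.user)
        return True

    def reveal(self, vault_id, title):
        vault = self.cache.get(vault_id)
        return vault["items"].get(title) if vault else None

def run_scenario():
    server = Server()
    # Constructed sample data: two vaults with the same name, distinct UUIDs.
    shared = server.create_vault("test", {"netflix": "old-pw"}, members={"john"})
    other = server.create_vault("test", {"bank": "private-pw"})
    john = Client("john", server)
    john.sync()
    out = {"distinct_ids": shared != other,
           "other_vault_visible": john.reveal(other, "bank")}
    server.revoke(shared, "john")
    out["before_sync"] = john.reveal(shared, "netflix")   # still cached
    server.vaults[shared]["items"]["netflix"] = "new-pw"  # changed after revoke
    john.online = False
    john.sync()
    out["offline"] = john.reveal(shared, "netflix")       # old value only
    john.online = True
    john.sync()
    out["after_sync"] = john.reveal(shared, "netflix")    # vault dropped
    return out

if __name__ == "__main__":
    print(run_scenario())
```

In this model the revoked client never sees the value set after revocation, so changing a password after revoking access is what makes the cached copy useless.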

  • DoctorBrown
    Community Member

    Thank you for the detailed reply. I find detail like this useful. :)
    My question was about your first answer because I had no idea about the UUID (of course). The logic of how the Shared folder works is reasonable. But I would question the wisdom of allowing the user to do something that can't be undone. Also, as you note, allowing the user to create vaults of the same name is confusing at the least. And could lead to unintended conditions such as making it more likely to share a vault they didn't intend.
    Just my 2 cents...(oh, that's a quarter now.)

  • AGAlumB
    1Password Alumni

    The logic of how the Shared folder works is reasonable. But I would question the wisdom of allowing the user to do something that can't be undone.

    @DoctorBrown: Can you elaborate? I'm not sure what you mean here.

    Also, as you note, allowing the user to create vaults of the same name is confusing at the least. And could lead to unintended conditions such as making it more likely to share a vault they didn't intend.

    That's a good point. Honestly, I'm not sure we'll change this since as far as I know I am the only one doing it, because I'm weird like that; but it's certainly worth considering, especially if we hear from customers that it's causing trouble for them.

    Just my 2 cents...(oh, that's a quarter now.)

    :lol: :+1:

  • DoctorBrown
    Community Member
    edited October 2019

    @brenty: Thank you very much for having this dialog with me. I'm sure other users will appreciate it also.

    Can you elaborate? I'm not sure what you mean here.

    If the user deletes the default Shared vault either on purpose, or accidentally, and then wants the unique features it provides back, there seems to be no way for a user to do it. That is going to be very frustrating. I almost did that to see if I wanted that and I would not have been happy to learn I couldn't undo that.

    That's a good point. Honestly, I'm not sure we'll change this since as far as I know I am the only one doing it, because I'm weird like that; but it's certainly worth considering, especially if we hear from customers that it's causing trouble for them.

    As a software engineer I have experience that if something can be done some users will do it, even if it's not a good idea and they don't realize the pitfalls of it. It seems like a fairly small change to not allow duplicate names and to head off some pretty consequential errors before you get complaints. Allowing more than one vault to look identical makes working with them so much harder. Here are just a few reasons why.
    1. As I said, it is too easy to share the wrong vault. That could have serious ramifications if you expose the wrong password to others.
    2. Finding the vault you want to share will be difficult. When you are in the Manage Vaults page, how do you determine which of the identical names you want to share and with whom?
    3. It is harder to determine which vault you want to put new items in.
    4. File systems never (almost?) allow duplicate folder names even though the OS could tell them apart. Even Windows doesn't allow names that vary only in case.
    I'm sure your developers could come up with many more scenarios than I can. Maybe do a poll or something to gauge how users feel about it.

  • AGAlumB
    1Password Alumni

    If the user deletes the default Shared vault either on purpose, or accidentally, and then wants the unique features it provides back, there seems to be no way for a user to do it. That is going to be very frustrating. I almost did that to see if I wanted that and I would not have been happy to learn I couldn't undo that.

    Gotcha. Yeah, I actually did that myself long ago. I think I recall one other person doing that. It's not something that comes up often, but we'll see.

    As a software engineer I have experience that if something can be done some users will do it, even if it's not a good idea and they don't realize the pitfalls of it. It seems like a fairly small change to not allow duplicate names and to head off some pretty consequential errors before you get complaints. Allowing more than one vault to look identical makes working with them so much harder. Here are just a few reasons why.

    You're not wrong, but none of that will happen unless you make it. I think it's worth pointing out that it's kind of none of our business what users name their vaults, etc. So I'm not sure it's really our place to prevent that. Not to mention that vault names are encrypted, so it's not quite as simple as it may seem. The file system comparison is a good one, but not quite apples-to-apples for that reason; our "file system" itself cannot prevent name collisions for that reason. But we'll see if we get similar requests from others.

This discussion has been closed.