Set granular permissions on vault users through CLI?
We have a use case of auto-populating some vaults through the CLI, add users to them, but would like the users to have more restricted access.
I seen other previous comments about various enhancements to permission models - this would be good too and there are probably a lot of things you could do to make permissions and settings more granular. Putting aside enhancements to permissions and just speaking on the CLI, even with the existing permissions model as it is exposed in the 1password web UI for the vault, where you can restrict to view or view+edit, it would be good to expose that level of detail on user permissions and client settings in the CLI.
We have a scenario where we will prime some vaults with entries and ask people to use them, but we don't want them really messing with the entries too much or deleting them for instance, so having more granular control on permissions through the CLI would be great.
On op add user I see --role role set the user's role in a group (member or manager) (default "member") - does this accept anything more granular than member/manager or any additional flags that can be used? Thanks!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Unfortunately it's currently not possible to set or change the vault access permission via the command line tool. I will discuss this with the rest of the team. I wish I had a better answer, but thank you for expressing your interest in that feature.
0 -
Big +1 on this. We are actively implementing significant amounts of automation to grant vault access to groups coming from our IdP. Being able to specifically assign the type of permissions for each group will save us a ton of time and minimize opportunity for human error.
0 -
Thank you as well for sharing your thoughts about this with us @RadZombie, noted :+1: :)
0
