How does a vault manager edit permissions for members?

jesslee
jesslee
Community Member

I'm an admin, so I can't figure out how this works! But I have a teammate who manages two vaults. She can add/remove people just fine, but cannot adjust their permissions (read only, read/write, etc). She doesn't have access to the Admin Console. I dug up somewhere that she might need to be part of the Vault Managers group, but I don't seem to have the option to add her to that group (it doesn't exist as far as I can tell) or know how to create that group (if that's even something I could do). Any ideas? I feel like I may be missing something fairly obvious. Any help is welcome, thanks!


1Password Version: 6.1
Extension Version: Not Provided
OS Version: OS X 10.11.3
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @jesslee: Sorry for the confusion! Vault managers are setup per-vault (rather than being a special group, since you might not want them managing all the vaults!) Just follow this guide:

    Promote a user to vault manager (Teams/Families)

    Now, if this is something that they need to be able to do globally, then you may want to consider making them an Admin as well. Otherwise setting their permissions on individual vaults to allow them to Manage it will work.

    I hope this helps. Be sure to let us know if you have any other questions! :)

  • jesslee
    jesslee
    Community Member

    Great, thanks for answering! This is helpful, but still doesn't answer the question of how she can go about changing permissions for people who have access to the vaults she manages. Again, she can add and remove people no problem, but can't figure out how to adjust their permissions (say from read/write to read only). As an Admin, I see that function via the gear next to someone's name in the Admin Console, but she doesn't have access to that of course since she isn't an admin. Thanks again for your help, @brenty!

  • @jesslee Ah, thanks for clarifying. There may be an issue here. In my account, I just tried to use my manage permissions on a vault with a non-admin user and I couldn't add or remove users. Do you know how she's doing that? There isn't a vault managers group — there are only three groups, in fact, and those are Administrators, Owners, and Recovery — so she's not missing anything there. It seems we are missing something since having the ability to manage a vault doesn't work unless you have access to the Admin Console, which requires being an admin. I'm glad you brought that up, and I'll forward it to our developers so we can figure out a better way of doing things.

    As for your particular issue, a bit more info about how she is adding and removing people would be most helpful. :)

    ref: B5-1344

  • You can manage the members of a vault from the home page if you have both Read and Manage access. If you have only Manage access to the vault and you're not an administrator or owner, you won't be able to manage the members of the vault, which is an issue.

    It's not possible for vault managers who are not admins or owners to manage specific read/write access of vault members at this time, @jesslee. That is its own issue that I will bring up with our team, but at this time, only admins and owners can manage fine-grained access levels.

  • jesslee
    jesslee
    Community Member

    Thanks @rob! That at least answers my question (and will put the fears of my colleague to rest, as she was afraid she was just doing something wrong). We'd love it if down the road Vault Managers had that ability!

    FWIW, the wording in the glossary is a bit misleading as it specifically mentions the ability for a Vault Manager to set their access permissions: https://support.1password.com/teams-glossary/

    Thanks again for your help!

  • jesslee
    jesslee
    Community Member

    @penderworth I believe she's adding/removing users as a Vault Manager from the Home/Your Vaults page, and using the pencil icon to add/remove people from vaults.

    Yeah, she's unable to set their permissions which is something she's like to be able to do (make some folks read only for example). Seems like that isn't possible for now, which is understandable since you're in beta! If that could get added in the future, we'd sure love it. :)

    Let me know if you need any more info or I can help out in any way! Thanks!

  • Thanks, @jesslee! We do have some adjustments to make there.

This discussion has been closed.