Reverse the way group permissions work.

Post by neveryoumind » Sun Dec 06, 2015 10:21 pm

Right now if a user belongs to two groups the group with the least access counts. This is the opposite of the way one would expect. In almost every other product the group with the most permissions applies.

If I belong to the folders "everybody", "developers", "sysadmins" and I have a share which denies access to everybody but grants access to sysadmins I will not have access to this resource. This is the opposite of what I would expect. One weird side effect of this policy is that practically speaking you don't ever put somebody in more than one group.

Can we have an option to reverse the way this works?

Posts: 3
Joined: Thu Dec 03, 2015 6:28 am

Re: Reverse the way group permissions work.

Post by AyaLP » Thu Dec 17, 2015 4:14 pm

Thank you for the suggestion. I have passed this to the dev team for their review and consideration.
Posts: 125
Joined: Thu Sep 20, 2012 4:31 pm

Re: Reverse the way group permissions work.

Post by leila » Tue Mar 01, 2016 9:20 pm


Please do allow us to configure this behavior by policy. We have the very same problem described above. I want to allow - for example - "Department X Managers" to administer a shared folder while "Department X Team Members" should be able to read/write/modify - but the "Department X Managers" are also "Department X Team Members" in our Active Directory group. The normal behavior in every other tool or access-control list I've seen is to do the opposite of what has been implemented and give people the highest level of permissions that any group membership gives them.

If at all possible, I'd suggest you implement this in a way such that new enterprises who sign up after this feature is implemented get the opposite behavior to what they would get today. Existing customers should keep the current behavior unless they specifically enable the new policy. If not possible, a new policy by itself would be fine - but it should be listed as "RECOMMENDED" at least.

The fact that permissions work this way currently really limits the ability to use groups for different permissions levels since it is extremely common for a person to be a member of multiple groups like this. It's also very confusing for users and administrators who have always seen the opposite behavior.
Posts: 4
Joined: Mon Feb 29, 2016 2:38 pm

Re: Reverse the way group permissions work.

Post by tim861 » Mon Mar 07, 2016 12:45 pm

+1 - permissions should always be top down.

On second thoughts, this should only be the case when someone is viewing a folder with permissions that apply,
i.e. "Dev manager group" vs "office drone group".

Dev manager group permissions should only apply on folders with dev manager enabled. And office drone applies to folders with office drone. However, if both are in the same folder, top-down structure applies, i.e. highest permission first.
Posts: 5
Joined: Thu Mar 03, 2016 5:18 am
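
Added example (not part of the thread and not LastPass code): a small model of the two resolution rules discussed above, plus a report of which user/folder pairs would change if the policy were flipped. The group names come from the posts; the user names, folder names, level values and function names are assumptions made up for illustration, and a deny is modelled as the lowest level.

```python
from enum import IntEnum

class Level(IntEnum):
    NONE = 0        # the share denies this group
    READ_WRITE = 1  # read/write/modify
    ADMIN = 2       # administer the shared folder

def effective(user_groups, folder_acl, policy):
    """Resolve one user's level on one folder.

    Only groups actually assigned to the folder count, so an unrelated
    membership never lowers or raises access there.
    """
    grants = [folder_acl[g] for g in user_groups if g in folder_acl]
    if not grants:
        return Level.NONE  # no assigned group: no access (assumed default)
    if policy == "least":  # behaviour the thread describes today
        return min(grants)
    if policy == "most":   # behaviour the thread requests
        return max(grants)
    raise ValueError(f"unknown policy: {policy!r}")

def policy_diff(members, folders):
    """List (user, folder, least, most) where the two policies disagree."""
    changed = []
    for user, groups in sorted(members.items()):
        for folder, acl in sorted(folders.items()):
            least = effective(groups, acl, "least")
            most = effective(groups, acl, "most")
            if least != most:
                changed.append((user, folder, least, most))
    return changed

# Constructed sample data: group names from the posts, everything else invented.
MEMBERS = {
    "alice": {"Department X Managers", "Department X Team Members"},
    "bob": {"Department X Team Members"},
    "carol": {"everybody", "developers", "sysadmins"},
}
FOLDERS = {
    "dept-x": {"Department X Managers": Level.ADMIN,
               "Department X Team Members": Level.READ_WRITE},
    "ops-secrets": {"everybody": Level.NONE, "sysadmins": Level.ADMIN},
}

if __name__ == "__main__":
    for user, folder, least, most in policy_diff(MEMBERS, FOLDERS):
        print(f"{user} on {folder}: {least.name} -> {most.name}")
```

Running the diff before switching to a most-permissive policy lists exactly which accounts would gain access, which is the review an existing tenant would want before opting in.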
