Hide shared folder passwords from Super Admins

Tell us what features would make LastPass even better and vote for features that are most important to you

Moderators: admin, anatoly_LP, chantieLP, JoeSiegrist, robyn

Hide shared folder passwords from Super Admins

Postby KorinDallas » Wed Jun 24, 2020 12:14 pm

Modify the behavior of the Enterprise policy Permit super admins to access shared folders. Create a new access role to allow super admins to manage shared folder permissions without access to the password entries.

The recommended enterprise policy Permit super admins to access shared folders, is great for ensuring that all admins aren't accidentally removed from a shared folder. However, the policy adds super admins to the folders just like any other admin, which includes access to view the passwords and causes the passwords to be presented when logging into matching websites. This could cause super admins to inadvertently access passwords that they don't need or shouldn't have. It also reduces accountability, because no super admin can prove that they didn't use a password from a shared folder.

Instead, create a new shared folder role that allows managing permissions without visibility of the individual passwords. Super admins can then invite authorized users and manage permissions, but they don't have access to passwords they shouldn't. If a super admin does need access to the shared folder contents, they can still grant the access to themselves, and the change will be logged appropriately.
KorinDallas
 
Posts: 5
Joined: Fri Oct 05, 2018 10:08 am

Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 16 guests