Move shared folders "restrict" option to apply WHEN FIRST ADDING USER to shared folder


This is needed for LastPass Teams Shared Folders, but should apply for other kinds of accounts as appropriate.

 

Currently when using "Invite Users or Groups:" to add a user to a shared folder, you can select Permissions of Read Only, Administrator, and Hide Passwords. Add a new permission you can select AT THE INVITE STAGE of "Add Available only (always add new items as Unavailable)".

 

This is needed because, as the system works now, there is a MAJOR SECURITY FLAW in the system now as it exists!

Example: Create a folder with 4 records in it. Make it a Shared Folder. Share it with someone in your team. You can now click the wrench to edit their permissions, select "Add Available only (always add new items as Unavailable)" and then select the records to share by dragging them to the right-hand column. Save that selection.

Now invite a person who is NOT in your team, or just who does not have sharing keys created. Once you invite them you are NOT able to edit their sharing permissions until they accept the invite and create sharing keys. This means that if they create sharing keys THEY GET ACCESS TO EVERY RECORD IN THE SHARED FOLDER before you are able to restrict them to specific records.

THIS IS A MAJOR SECURITY FLAW.

Allowing the selecting of "Add Available only (always add new items as Unavailable)" WITH the step of inviting the person then means that the person has access to ZERO records when they accept the invite and/or create their sharing keys instead of having access to EVERYTHING.

1 Comment
JayMeIn
Active Contributor

Got hit with this yet again. Since I can't know if a given user is someone who already has a LastPass account or not, when I add them to a shared folder they are given access to every single password in that shared folder. Until they accept the invite I cannot mark them as "Add Available only" and thus they see every password in that folder until I figure out (from them usually!) that they can see every password in the folder and only THEN can I go in and mark them as "Add Available only" and select for them only the single password that I want them to see instead of the whole folder.

 

THIS IS A MAJOR SECURITY FLAW. All new users added to a folder should always be added automatically as "Add Available only" so that the user will not see ANY records in a folder until you specifically select those records for them. (Or if you choose to manually uncheck "Add Available only" for that user.)