How Sharing Works

Share Permissions

Editor

• View all item details, including passwords.
• Edit fields.
• Add items to the share.

• Remove the Owner.
• Convert the share to a vault.

Read‑Only / Password Visible

• View everything, including passwords.
• Use autofill.

• Edit or delete.
• Add items.

Read‑Only / Password Hidden (Invisible)

• Use autofill to log in without seeing the password.
• Access non‑sensitive metadata (if allowed).

• View or copy the password.
• Access hidden fields.
• Extract credentials via extension or API.
•  

Updated Behavior

• Copy Password is fully suppressed in the WebApp and Browser Extension.
• Autofill remains available.
• Invisible access does not migrate when converting to a vault
   

How to share items

Managing Existing Shares

Actions Include:

• Changing roles (Invisible → Reader → Editor).
• Removing a recipient.
• Reviewing activity logs.

Converting a Share to a Vault

When to Convert

• Multiple people need ongoing access.
• You want role‑based management.
• You want the ability to assign multiple Owners.

Important Rules

• Items are moved to the vault.
• Clone items in other shares stop being shared elsewhere.
• Invisible recipients are not added to the vault.
• Former recipients must be assigned Vault roles manually.

Behavior in the Browser Extension

• Editor: Full view, editing shortcuts.
• Read‑Only Visible: View and autofill.
• Invisible: Autofill only; no copy, no reveal.

Behavior on Mobile Apps

• Password visibility follows permission level.
• Invisible users attempting to reveal a password see a Not permitted message.
• TOTP is shown only if visibility is part of the assigned role.

Security Considerations

• Sharing uses Zero‑Knowledge encryption.
• Only the Owner and approved recipients can decrypt items.
• Invisible mode exists to allow login use without exposing secrets.
• Activity Logs track role changes, recipient additions/removals, and vault migration.

Summary

• Sharing supports granular permissions.
• Invisible users have the strictest restrictions and cannot migrate to vaults.
• Role changes take effect instantly everywhere.
• Converting shares to vaults centralizes control and enhances team management.

Why you should use groups

Groups are designed to make it easy to manage recipients of shared items. The benefits of using groups include:

• Shares sent to groups are automatically updated as the membership changes. If shares are sent to individuals, each must be manually edited as the recipient list changes.
   
• It is quicker to manually choose groups as recipients then add each recipient individually.
   
•  If you need to review a share and who has permission to share, you do not need to scroll through long lists of recipients.
   

The Everyone group

All teams have an Everyone group that is automatically created for your team. The Everyone group contains all team members from your account.  The membership of the Everyone group is maintained automatically by Password Boss.

Use meaningful names for groups

• Use names for your groups that describe the group so that other team members can identify the group. Group names that identify the group, project, or department make it easy for other team members to know what the group is for.  Examples: Marketing, Finance, Project Alpha.
   
• Consider adding the permissions to the name of the group. 
   
• Depending on your team structure, it may be useful to create groups that will be used to assign read-only permission and other groups with editor permissions. Examples: Marketing-Read Only, Marketing-Editor, Sales-Read Only, Sales-Editor, Admin-Read Only, Admin-Editor.
   

Avoid duplicating groups

Keep your list of groups concise and avoid making groups that duplicate the membership in an existing group.

How to create groups

1. Login to the Password Boss portal as an admin for your team.
    
2. Click Users & Groups from the left menu.
    
3. Scroll down to the Groups section.
    
4. Click +Create New Group.
    
5. Enter a group name and click save.
    

How to add or remove users from a group

1. Login to the Password Boss portal as an admin for your team.
    
2. Click Users & Groups from the left menu.
    
3. Scroll down to the Groups section.
    
4. Find the group you want to change.
    
5. From the blue Actions button Choose Edit.
    
6. Add or remove users from the group. You can also edit the name of the group from this screen.
    
7. Click Save when you are done.
    

How to delete groups

1. Login to the Password Boss portal as an admin for your team.
    
2. Click Users & Groups from the left menu.
    
3. Scroll down to the Groups section.
    
4. Find the group you want to change.
    
5. From the blue Actions button Choose Delete.
    
6. On the confirmation screen, click Delete group.
    

Empfänger freigegebener Elemente (Ordner oder einzelne Elemente) können über drei mögliche Berechtigungen verfügen. Dieser Artikel erläutert die einzelnen Berechtigungen.

Editor

• Mächtigste Berechtigung
  
• Benutzer können alle Felder sehen und alle Felder ändern.
  
• Benutzer können der Freigabe neue Elemente hinzufügen.
  
• Alle Änderungen eines Redakteurs werden direkt an alle Empfänger gesendet. Änderungen müssen nicht über den Freigabebesitzer laufen.
  

Nur Lesen / Passwort sichtbar.

• Benutzer können das Passwort und alle anderen Felder eines Artikels sehen.
  
• Der Benutzer kann keine Felder am Artikel oder an der Freigabe ändern.
  

Nur Lesen / Passwort nicht sichtbar.

• Restriktivste Berechtigung
  
• Benutzer können das Kennwort nicht sehen, sich aber bei einer Site anmelden.
  
• Der Benutzer kann keine Felder des Artikels ändern.