Roles and permissions for recipients of shared items
Recipients of shared folders or individual items can be assigned one of three permission levels. This article explains what each level means.
Table of Contents
Roles Available When Sharing Items or Managing Vaults
Owner
Editor
Read‑Only / Password Visible
Read‑Only / Password Hidden (Invisible)
Behavior Across Platforms
WebApp
Browser Extension
Mobile Apps (iOS & Android)
How Permissions Affect Item Management
Sharing Changes
Interaction With Shared Vaults
Security Considerations
Why Invisible Mode Removes Copy Password
Auditing Changes
Summary
This article explains the permissions available when sharing items in Password Boss, how each permission works, and what recipients can or cannot do with shared items. It includes updates to reflect recent product changes, including suppressed Copy Password actions for Invisible shares across the WebApp and Browser Extension.
Roles Available When Sharing Items or Managing Vaults
Owner
The Owner role represents the highest level of control for both shared items and vaults.
Owners can:
- View and edit all item fields, including passwords.
- Add or remove items from the share or vault.
- Change any recipient’s role (Editor, Read‑Only, Invisible).
- Revoke access for any recipient.
- Move items into or out of a Vault.
- Convert a Share to a Vault (when applicable).
- Manage Vault membership and Vault roles (Owner, Editor, Reader).
Owners cannot:
- Bypass Zero‑Knowledge rules (they cannot view hidden content if they do not possess the required encryption keys).
- Be removed by other recipients—only another Vault Owner (in multi‑owner vaults) or the system administrator (for Business accounts) can replace/remove an Owner.
Differences Between Owner of a Share vs. Owner of a Vault
- Share Owner: The person who originally shared the item(s). They control roles and access but do not have Vault‑level management options.
- Vault Owner: Controls the entire Vault, its contents, and membership. Vault Owners can add/remove multiple items at once, invite members, and set roles for each member.
- Converted Shares → Vaults: After conversion, Vault Owner(s) inherit full control; former share recipients do not automatically become Vault Owners.
Editor
The Editor role grants the highest level of access.
Editors can:
- View all item fields, including passwords.
- Edit any field on the item.
- Add new items to the share.
- See updates from all recipients immediately.
Editors cannot:
- Remove the original share owner.
- Change vault ownership or convert sharing models.
Read‑Only / Password Visible
This role allows visibility into all fields without editing rights.
Recipients can:
- View all fields, including the password.
- Use autofill and browser extension suggestions.
Recipients cannot:
- Edit any part of the item.
- Add items to the share.
- Delete the item.
Read‑Only / Password Hidden (Invisible)
This is the most restrictive sharing role.
Recipients can:
- Use the item to log into websites using Password Boss autofill.
- See non‑sensitive metadata fields if permitted.
Recipients cannot:
- View the password field.
- Copy the password from anywhere in the UI.
- Reveal or export any hidden field.
- View or interact with password content via API‑driven tools.
Updated Behavior (Browser Extension + WebApp)
- Copy Password is now entirely suppressed for Invisible shares.
- The Browser Extension does not surface a Copy option when an item is Invisible.
- Users can still autofill the credentials, but cannot extract the password.
Behavior Across Platforms
WebApp
- Permissions are enforced consistently across item details pages, vaults, and the new multi‑folder navigation.
- All hidden fields remain masked for Invisible shares.
- Vault Owners see additional management controls.
Browser Extension
- Displays only fields allowed by the permission level.
- For Invisible shares:
  - Autofill is allowed.
  - No Copy Password option appears.
- Quick actions appear only when allowed.
Mobile Apps (iOS & Android)
- Password visibility rules match the WebApp.
- Attempting to copy a password from an Invisible item triggers a “Not permitted” notice.
- TOTP is available only if the share includes TOTP visibility.
How Permissions Affect Item Management
Sharing Changes
- Owners and Editors can add items; Read‑Only roles cannot.
- Role changes update permissions immediately for all platforms.
Interaction With Shared Vaults
- Vault permissions override share‑level permissions.
- Vault Owners control membership, roles, and item movement.
- Invisible behavior continues inside Vaults if the Vault role is restrictive.
Security Considerations
Why Invisible Mode Removes Copy Password
Invisible mode is designed to:
- Allow operational use (autofill) without exposing credential secrets.
- Prevent copying, exporting, or revealing passwords.
- Enforce Zero‑Knowledge principles consistently across WebApp, extension, and mobile.
Auditing Changes
- The Activity Log records:
  - Role updates
  - Ownership changes
  - Vault migrations
  - Permission restrictions
Summary
- Owner: Full control over items and vaults, including roles, membership, and conversion of shares to vaults.
- Editor: Full visibility and editing, but no ownership or role-management privileges.
- Read‑Only / Password Visible: View‑only, including password.
- Read‑Only / Password Hidden (Invisible): No password visibility; autofill only; Copy Password suppressed.
- Vaults can override share permissions depending on Vault roles.