Hi, I am using passbolt v3 and I just realized that when I share a password with another user in “can update” mode he can modify it and also delete the password. This was not possible before with other versions of passbolt, was it?

Can read > read only
Can update > modify only, not delete???


Maybe it is not the best behavior, but a user who is able to update a password is also able to delete it :confused:

The difference between “can update” and “is owner” rights is the ability to give or remove permissions.

Maybe, this could be the subject of a forum, but I believe that this was not the case in previous versions of passbolt.

This is the same behavior since version 1. The rationale is that someone who can modify the resource can already make it unavailable, for example by putting " " in all the fields. In terms of security impacts both update and delete are the same, but I get your point in terms of end user expectations.

We’ll see if we can revisit this with the ACL feature (which will allow more fine grained control / creation of custom roles).

By the way, I just installed an old Passbolt CE package on Debian with the oldest package available (2.13.5-1) to check again and I was able to delete a password as a user with the “can update” rights, so it is not a change or regression in v3.

Perfect, thanks for the info guys, it helped me a lot, and remy I think it would be a good option to fine tune this point.
There are more differences between “can update” and “is owner” and in my opinion, some of them do not make sense.
For example: You can only edit tags if you have the “is owner” permissions, but not with the “can update” permission.

I would really appreciate it if this could be discussed and fixed, if other Passbolt administrators agree. What I would also love to see is a more granular permission system.

