Hi, I am stuck in the following situation.
- Someone has left the organisation, and I want to delete the user. I don’t have their private key.
- When I try to delete the user, it says I cannot because there are three passwords of which they are the sole owner
- I have the “Admin” role. I am also a member of a group which two of those three passwords are accessible to.
- When I go to one of those two passwords and select the Share tab, I can see:
Some Group [can update] (X)
Left Person [is owner] (X)
- However I can see no way to add a new owner, nor change the status of either item (the drop-down is greyed out), nor delete either entry (the (X) button has no effect)
I found these previous posts:
As an admin, while deleting a user who is the sole owner of a password that is shared, I should be able to transfer the ownership to another user in order to be able to perform the deletion
Assuming that the feature is not implemented, is there a documented way to get out of this situation via direct SQL manipulation?
Supplementary question: I’m not entirely clear about the capabilities granted to password “owner”, versus system “admin”. If this is documented somewhere, can you point me to it?
I am guessing that an “admin” can create new users, but only the password “owner” can decide who it is shared with. If so, I presume this distinction is so that admins cannot add sharing rights to themselves to see any stored password.
However, you will note that in the case of two of the three passwords, I already have rights to see and edit the passwords (by virtue of my membership of another group which the password was shared with).
In that case: perhaps it would be reasonable that an Admin who already has read or update access to a particular password, should gain Ownership rights to it (i.e. be able to modify the sharing rights). Does that make sense?