Read-only mode
Read-only mode lets an administrator, moderator, or manager prevent standard users from creating or moving passwords within a shared category, while keeping read access. It is enabled through the "Allow password creation" setting, available in the settings of each shared category.
This setting is independent of the other rights (edit, delete) and applies recursively to all associated sub-categories.
When the feature is rolled out, the setting is enabled by default on all existing categories to preserve the current behaviour. No action is required to keep things working as before.
Who can configure this setting?
The setting can be configured by Super Admins, Admins, Moderators, and Category Managers (on their assigned categories). These roles are never subject to the creation or move restriction. Standard users have no access to this configuration.
Setting a category to read-only
To enable read-only mode on a category:
- Click the relevant category.
- Open the Category settings.
- Disable the "Allow password creation" option.
The category switches to read-only, along with all of its associated sub-categories.
Reclaiming password ownership
If standard users own passwords in the category, an alert modal appears when you disable the setting. You may then run the "Reclaim password ownership" action, which removes those users' ownership rights.
- If you do not reclaim ownership: standard users keep their rights over passwords they already owned (they can edit, move, and delete those passwords), but can no longer create new ones in the category.
- The setting change and the reclaim action are logged and surfaced in the LockPass dashboard for audit purposes.
Behaviour for standard users
In a read-only category (setting disabled), standard users will notice the following changes:
- Creation blocked: the "+" password creation button is hidden. When creating from the modal, read-only categories appear greyed out and non-selectable.
- Move blocked: when moving a password, read-only categories are greyed out and non-selectable as a destination.
- Retained rights: standard users can still edit, move, or delete the passwords they still own.