Hi Yannick_Tyvaert,
Good question! 1Password Business accounts include granular vault permissions, such as the 'View and Copy Passwords' permission. If a team member doesn’t have this permission for a specific vault, they won’t be able to reveal or copy passwords for any items stored in that vault when using 1Password apps. However, they can still fill passwords into websites using the 1Password browser extension.
It’s important to note that the 'View and Copy Passwords' permission is client-enforced, meaning it is applied within the 1Password apps and not enforced through encryption or on the server. Because of this, a determined individual may still find ways to reveal a password outside of the 1Password apps. For instance, if a password is filled into a browser, the team member could modify the webpage’s HTML to convert password fields into plain-text fields, exposing the password. Similarly, this could occur on websites with a “View Password” option. For this reason, the 'View and Copy Passwords' permission should be considered a deterrent rather than an absolute restriction.
For more information about how permissions are enforced in 1Password, check out our guide: How vault permissions are enforced in 1Password accounts.