Add unshare option (1 click move organization vault item to individual vault)

As originally requested by someone else here… Add "Unshare" option to return item to personal vault · Issue #158 · bitwarden/server · GitHub

I’m looking to unshare a login that was shared with an organization.
Simply unchecking the collection it belongs to doesn’t remove it from the organization, and deleting it from the organization or the personal vault deletes it from both places.

Just tried this, and it seems like a logic hole. If you remove from a collection then it is no longer shared in that collection. But if the item is not in any collections, then it should automatically be removed from the organisation. You can’t share an item to an organisation without giving it a collection, so the reverse should also apply.

4 Likes

As a shared login will go into the possession of the organization, it should be possible to select who will be the new owner of the shared login after it has been unshared.

Probably it makes sense to only allow the owner to do such things.

3 Likes

hmmm… in that case every shared item would need to retain a history of who owned it previously, or which individual account created it.

So if Mr. A created a password and shared it, and Mr. B is Mr. A’s boss and says hey woah don’t share that and unshares the password, you think it should revert to Mr. A’s private password?

I’m trying to see the logic here, let me know if I’m wrong.

2 Likes

I think any owner of an organization should be able to “claim” a password back into their own personal vault.

This would be one additional level of difference between Owners and Admins

5 Likes

Adding a +1 for this, noticed when sharing something for family to temporarily use via the org that there was no way to unshare it without creating a new item with the same info and deleting the old one (which would also negate any history on it).

I’ve started working on this myself, at least with the core/web/jslib repos.

1 Like

Similar problem here. Moved an entry to the wrong organization and can’t claim it back or move it to another. Since there is also no way to duplicate an entry I have to manually create a duplicate and delete the one from the organization.
That feels very unnecessarily complicated and error prone. (Not to mention - as has been said before - that I now lose the password history.)

1 Like

Sharing an item transfers ownership of that item to the organization. The original user that created the item no longer owns that item.

Adding an “unshare” option would pose a couple of issues:

  1. We would have to keep track of who originally created items, even after ownership transfer.
  2. What if the organization owners/admins don’t want users to be able to “claim” the item back?
  3. Who gets rights to “unshare” an item?

Perhaps the real issue here is the terminology being used. You aren’t really “sharing” something, which I suppose is implying that you can take it back. What you are doing is transferring ownership of an item from yourself to the organization entity.

5 Likes

I had wondered how this works and now that you’ve explained it, personally I prefer the way it is.

I also agree that the term “share” is probably not the right one. Also, the little sharing icon that appears on such an item does indicate sharing rather than transferring so maybe that needs removing or changing?

3 Likes

Thanks for clarifying that the mechanism is transfer rather than share, but is there (or could there be) a converse to transfer ownership from an organisation to an individual?

Under control of an organisation admin of course.

5 Likes

I think anyone who is allowed to delete an item from an organization should also be allowed to move it back out - for the organization it’s the same … the item is gone afterwards.

9 Likes

This explanation is very very helpful! I also agree with others, using the term “Share” is probably not the right term.

This also explains why you can import a CSV into the “account” or into the “organization”.

1 Like

I also would like to see the above function. +1 vote

1 Like

Fixing the terminology to “transfer” / “move” would be a good first step

While trying to move something back from org, I was able to move it to personal folder.
It was then in a limbo state where I couldn’t remove it from my personal folder and I couldn’t move it back to the org since it was still considered there, and also once I deleted it, it was deleted from the organization (and my personal folder).
That was kind of confusing as well

2 Likes

While trying to move something back from org, I was able to move it to personal folder.

Folders in Bitwarden are organizational constructs. They’re essentially hierarchical tags. They don’t actually indicate anything about where an item is stored within Bitwarden. They are completely orthogonal to organization collections. They are per-user, i.e., when you create a folder in your Bitwarden account and put something in it, the folder and its contents are visible only to you. Other users have no idea what folders you have or what’s in them, and they can put the same items in completely different folders.

You didn’t actually “move” the item referenced above into a personal folder. You associated it with a personal folder. This had no impact on its status of being owned by the organization and associated with zero or more collections within the organization.

In short, folders and collections are completely different namespaces. Folders are per-user, collections are shared. Changing an item’s folders doesn’t change its collections and vice versa.

3 Likes

Anyway, I couldn’t find a way to remove it from that folder. That folder by the way was the no folder folder 🙂

1 Like

“No Folder” is not a folder, it is a filtered grouping of items that have no folder assignment.

2 Likes

New and happy Bitwarden user. Reading the thread and suggest

  • for changing terminology from “folder” to “tag”. Tags are as well known as folders and I think the same is true for the difference between the two
  • not sure if changing terminology from “share” to “transfer” makes much sense. While the owning right is transferred, you actually use the feature to share secrets. You just need to know you also give away the controlling right with that sharing. Perhaps a message box would make sense?

An organization owner / creator also always is the owner of at least one personal account (the one that created the organization in the first place). I strongly suggest to implement a transfer from an organization account to the linked personal account, which essentially is a “move back” or “un-share” if you will. The link may be that the email addresses of both match, I’m no expert here.

3 Likes

Please explain how I can get back my shared item when I decide to not share it anymore with my organisation… Thx.

2 Likes

You will need to create a new item in your personal vault with the same details and then remove the other from the organisation, note that removing also deletes from your personal account so make sure you create a new one first 🙂

1 Like