Add unshare option (1 click move organization vault item to individual vault)

Thank you very much. That was exactly what I needed. I cannot believe that I was so blind that I missed the right field when I cloned an item.

I showed Bitwarden to a friend yesterday. He tried it and liked it a lot. I think he will also buy a family plan. I have just gone premium to support Bitwarden.

Thanks again for your quick help.

3 Likes

@mpiter - glad to help! And thanks for not un-sharing Bitwarden! :sweat_smile:

2 Likes

Deleted my reply about how stupid this decision is, great!

You’re free to voice your thoughts in a polite manner.

You’re also more than welcome to disagree with mine or anyone else’s opinion - politely.

2 Likes

I agree the lack of an unshare feature is unintuitive, and I hope it will be implemented (with appropriate warnings and/or checks as suggested). Meanwhile, I’m relieved to have found a usable enough workaround (based on tgreers’ suggestion above – thank you!):

As the “owner” of an “organization” representing a two-person family, I’ve made two collections, one called “Shared” (available to both of us) and the other called “Unshared” (available only to me). To unshare a login, I edit it so that it belongs only to the Unshared collection.

(Since I trust my wife, I don’t bother to change the password after unsharing. I only unshare it to avoid the confusion of having two autofills available for a given site.)

One thing that makes even this workaround confusing is the fact that in the Web Vault, the Edit Item screen lacks Collections information.

Thankfully, Collections can be edited in various other ways: from a list of logins in the Web Vault (click the gear icon to the right of a login), from the browser extension (Edit Item), from the mobile apps (Edit Item).

3 Likes

Hello Everyone,
building on this, I thought how one could implement this. For 2FA authentications there is a possibility to implement it. Therefore I Wrote a new feature request since it is not exact the same … .

Maybe this implementation is also useful for you :smiley: :

1 Like

I am currently on the Family Plan trial week. I have decided to not continue with the Family Plan and go with two Premium accounts for my wife and I. First of all, it’s less expensive, but that’s not the main reason. To me, being able to share a password and then retract it should be such a common feature, there shouldn’t be any discussion about it. Personally, I don’t want the aggravation of cloning and changing passwords in order to accomplish what should be basic practice. It’s Bitwarden’s philosophy that I disagree with. I agree with the philosophy of other password managers that do have this service - LastPass and Dashlane come to mind. To me, I don’t see what’s so difficult about setting up a switch, utilizing an owner’s privilege to choose whether or not to allow Sharing and Retracting (or Unsharing) for a specific item, an individual, that particular organization, or even in the entire vault. I mentioned before that I disagree with Bitwarden’s philosophy. It seems to be that Bitwarden users are treated like children, in relation to this issue, rather than adults. The choice is made for us. Even with many customers begging for this change, we’re just not mature enough, nor have enough foresight, to realize the dangers of simply Sharing and Retracting (or Unsharing). I haven’t used Bitwarden (the free version) long, but I do appreciate that Bitwarden solicits user feedback in order to improve the product for their users. However, when it comes to this particular issue, apparently we’re just too ignorant and/or immature to know what’s best for us. I realize that, as a private company, Bitwarden has a right to do whatever it wants to do, and if the user doesn’t like it, he can always go somewhere else. But, this to me, goes against the grain of trust associated with the whole open source model.

2 Likes

This is necessary, mostly when we’ve used the feature often in LastPass.

2 Likes

We migrated off LastPass with a couple trial organization, however, cannot recommend bringing more over without this ability to “stop sharing” items that were originally created in the personal vault

3 Likes

We migrated off LastPass with a couple trial organization, however, I cannot recommend bringing more over without this ability to “stop sharing” items that were originally created in the personal vault.

2 Likes

You misunderstand the technical implementation of an organization and conflate it with not having permissions after sharing.

The organization owns the entry and a person’s account can have admin privs to an org. My wife and I each have our own org. I have read-only access to her’s and she to mine. We can both share with the click of a button to our own orgs.

edit: “And unshare” Seems I was mis-remembering something. It is not often that I need to unshare. Via the web ui, I can move an entry out of my org and back into one of my folders.

The limitations of the orgs has nothing to do with some philosophical view that Bitwarden is attempt to enforce. It’s because the features of an org is virtually 1-to-1 with the underlying datastructure. They could make it so it functions like the entries stay with the original creator, but this would be syntactical-sugar on top of their current datastructure and would take time to implement. Not to mention it would change per-existing functionality around sharing, which could be dangerous. So they would have to take that into consideration in how they transition.

1 Like

I respectfully disagree. It’s obvious that it is a common practice in the password manager field, so why wouldn’t Bitwarden implement it then? Also, many (many) people want this feature, thus all the discussion and the votes. And Bitwarden implemented this “vote on changes you want” practice. It comes down to being a simple philosophical difference. Otherwise, with all the people that want it, I believe Bitwarden has enough integrity that they would move in the direction of making it happen. Now, I think, when explaining themselves, their reasons will be technical/hyped shells that when stripped away, the standard philosophical truth will remain - they think they are safeguarding the customer, which equates with not allowing the customer to weigh their own risks and move ahead.

1 Like

Any updates on this feature request to reclaim a shared entry from an organization so it does not show up there at all and only in my personal vault?

1 Like

Exactly that’s what caused this problem in the first place, unclear terminology.
Please fix it

1 Like

As an organisational administrator, I can safely state that I don’t believe items should so easily be “unshared”. As previously stated, it is a transfer of record ownership from the user to the organisation. Once ownership is transferred, a user should not be able to take back ownership.

I think changing “Share” to “Move to Collection” would be a good start.
I also think that a seperate “Share” function (1:1) would be quite welcome. This would be best as a premium feature, and would allow sharing of records outside of an Organisation structure, and without transfer of ownership.

Some examples:

  1. Premium users shares a login record with another premium user, without any organisation created.

  2. Organisational User shares a login record with a single other organisational user. No transfer of ownership, and no collection created.

1 Like
  1. You don’t have to, the owner and/or admin (or some new level) can move it back to their personal account (or even better, can “transfer” it to another user’s account)
  2. As above, since the permission lies with the owner or admin, they simply don’t “transfer” it.
  3. The owner or admin or some new level which allows “transfers”. I think the owner/admin is the most appropriate for simplicity sake.

Exactly. It’s not “sharing/unsharing”. Just like the initial transfer from personal vault to organizations is misleadingly named “sharing” instead of “transferring”. So this is “unsharing” although technically it’s more like “transferring back” from organization to personal vault

1 Like

This defeats the original purpose of organizations and collections though.

1 Like

True, but I would call it an evolution. Organisations are designed for sharing with many people. They are based around the idea of organisational ownership of records, and require security measures in place to stop intentional/unintentional abuse.

A separate share function would be for personal sharing. 1:1 sharing of records or folders. It would be for those who need to share a record without losing ownership of the item. And by placing it as a premium feature, you would likely pick up revenue from users who don’t want to pay for an organisation to share a couple passwords, and those that don’t want to pay for multiple organisations to share with multiple different people.

It is not always appropriate to add everyone to a single organisation, and you only get 1 for free. I would say the features have different use cases, and times when choosing one would be more appropriate than the other.

Example: I transfer ownership of a “local Admin account” login to an organisation as it is required for business continuity. The record belongs to the organisation because if I leave the organisation, the login needs to be handed to the employee who takes on my responsibilities, or it needs to be used by multiple employees of the organisation.

I share my Netflix login with my father, and my brother-in-law. I would not add them both to the same organisation, nor do I want to transfer ownership of the record. Sharing the login is 2 separate 1:1 shares, so “unsharing” with my brother-in-law, does not revoke my father’s access.

1 Like

Bitwarden seems to be great and seems to take most of its lead from LastPass. Most features are comparable except this sharing/transferring thing. Instead of re-inventing the wheel, why not look to see what LastPass does. Their system is simple and easy for anyone to understand:

  • User A creates a password record
  • User A shares record with User B, which sends User B an email notification with an opt-in function
  • User A can change the password at his/her leisure and the change is reflected for User B
  • User A can withdraw the share at any time
  • Finally, LastPass doesn’t do this, but a share similar to above can be shared to a group in the same fashion as a user.

It seems like it would make more sense to add ALL passwords to the organization and then select specific records to share by adding them to a shared collection.

1 Like

You can clone it but since you transferred ownership you have to go to the organization first then go to the password and clone it from there. I too was completely baffled. This allowed me to “unshare” a password by cloning + delete original so I can “take back” my password.

1 Like