Any updates on this feature request to reclaim a shared entry from an organization so it does not show up there at all and only in my personal vault?
Exactly that’s what caused this problem in the first place, unclear terminology.
Please fix it
As an organisational administrator, I can safely state that I don’t believe items should so easily be “unshared”. As previously stated, it is a transfer of record ownership from the user to the organisation. Once ownership is transferred, a user should not be able to take back ownership.
I think changing “Share” to “Move to Collection” would be a good start.
I also think that a separate “Share” function (1:1) would be quite welcome. This would be best as a premium feature, and would allow sharing of records outside of an Organisation structure, and without transfer of ownership.
Premium user shares a login record with another premium user, without any organisation created.
Organisational User shares a login record with a single other organisational user. No transfer of ownership, and no collection created.
- You don’t have to, the owner and/or admin (or some new level) can move it back to their personal account (or even better, can “transfer” it to another user’s account)
- As above, since the permission lies with the owner or admin, they simply don’t “transfer” it.
- The owner or admin or some new level which allows “transfers”. I think the owner/admin is the most appropriate for simplicity’s sake.
Exactly. It’s not “sharing/unsharing”. Just like the initial transfer from personal vault to organizations is misleadingly named “sharing” instead of “transferring”. So this is “unsharing” although technically it’s more like “transferring back” from organization to personal vault.
This defeats the original purpose of organizations and collections though.
True, but I would call it an evolution. Organisations are designed for sharing with many people. They are based around the idea of organisational ownership of records, and require security measures in place to stop intentional/unintentional abuse.
A separate share function would be for personal sharing. 1:1 sharing of records or folders. It would be for those who need to share a record without losing ownership of the item. And by placing it as a premium feature, you would likely pick up revenue from users who don’t want to pay for an organisation to share a couple passwords, and those that don’t want to pay for multiple organisations to share with multiple different people.
It is not always appropriate to add everyone to a single organisation, and you only get 1 for free. I would say the features have different use cases, and times when choosing one would be more appropriate than the other.
Example: I transfer ownership of a “local Admin account” login to an organisation as it is required for business continuity. The record belongs to the organisation because if I leave the organisation, the login needs to be handed to the employee who takes on my responsibilities, or it needs to be used by multiple employees of the organisation.
I share my Netflix login with my father, and my brother-in-law. I would not add them both to the same organisation, nor do I want to transfer ownership of the record. Sharing the login is 2 separate 1:1 shares, so “unsharing” with my brother-in-law, does not revoke my father’s access.
Bitwarden seems to be great and seems to take most of its lead from LastPass. Most features are comparable except this sharing/transferring thing. Instead of re-inventing the wheel, why not look to see what LastPass does. Their system is simple and easy for anyone to understand:
- User A creates a password record
- User A shares record with User B, which sends User B an email notification with an opt-in function
- User A can change the password at his/her leisure and the change is reflected for User B
- User A can withdraw the share at any time
- Finally, LastPass doesn’t do this, but a share similar to above can be shared to a group in the same fashion as a user.
It seems like it would make more sense to add ALL passwords to the organization and then select specific records to share by adding them to a shared collection.
You can clone it but since you transferred ownership you have to go to the organization first then go to the password and clone it from there. I too was completely baffled. This allowed me to “unshare” a password by cloning + delete original so I can “take back” my password.
After reading about 50% of this thread I see now the point of organizations and how you are changing the owner entirely and I see the workaround to “unsharing” (go to org > find password > clone > choose your account > delete original). However, I think most people here have brought up that when it comes to password sharing, the key thing is that you want to allow someone to use your password but not own it; therefore you want the right to revoke access. I feel that this should be a different feature (view-only password). I can see that I can sort of do this “view only” by creating a collection that certain members of the org have only view-only access to, but it doesn’t really mirror a use case.
For instance, sharing a Netflix password. My fiance is owner of the account. She changes the password. Me and some of our close family use the same account with profiles. In this use I and our family should only be able to view the password to be able to type it out but not change it. This type of password should be owned by my fiance and we just have view access to it. I feel that this type of situation should mirror how the tool works. It seems what we have to do is create collections for each user and do view only for others to prevent overwrite.
I got a headache reading all this. After 2 years, still no changes.
I propose the following solution.
When you “SHARE”, you give a COPY of the credentials to the organization and keep a link between the one in your vault and the one in the organization so you can keep track of them.
If someone changes the copy from the organization, you can see that and you can decide whether you want to sync the copy from your vault or not. Alternatively, you can decide to sync the copy from the organization with the one in your vault, in case you change it.
At no time should anyone be able to make changes to your shared item and those changes to reflect in your vault without your consent. Hence, the directional sync function which could be set to be automatic or manual. (automatically/manually sync organization copy and automatically/manually sync your vault copy)
To “UNSHARE”, you simply remove the link between the two, and decide whether the copy from the organization is deleted as well or not. The organization could also have one option which states whether users can delete the shared copies. In the case the users are not allowed, they should still be able to unlink the copy from the organization and the copy from their vault.
To address the issue of who owns the COPY of the shared item, it should be the owner of the organization.
Appropriate messages should be shown when sharing and unsharing to avoid confusion.
As a new user who moved from LastPass after they forced the new policies and immediately paid for the Bitwarden Family tier to support Bitwarden development, I find this is one of the features I miss the most.
Please Bitwarden, make this happen.
What I don’t understand is that as owner of organization I can clone an item and I can delete it.
So if I understand correctly, if I want to remove an item from the organization I must clone it and then delete the original and rename the cloned one to remove the word “Clone” from the name.
I basically have all authority to do with the item what I want, there is just a lot of clicking involved.
Why can’t there be button to do all that with one click?
Or am I missing something?
You’re not missing anything. It’s the way it works.
I really don’t understand why you would want to lose the item from your vault when sharing it with someone. The way it currently works, I not only see it as inconvenient, but also as a security risk, due to the amount of work you need to get it back and not being in possession of your passwords until you do.
I keep coming back to review it and see if there are any changes to it, but this is almost 3 years old and still not fixed.
I’ve been using LastPass until now and even though it is better in many areas, I would prefer Bitwarden because it is open source and respects privacy more. Unfortunately, this share option just keeps pushing me back… so I guess I will continue to pay LastPass until they make an acceptable sharing solution.
Yes, it is a strange solution for sharing. I don’t need to change shared passwords that often so it is not a big problem for me, but it is definitely cumbersome and confusing (if you have to search for help on forums just to stop sharing a password, that is not good UIX).
Oof, I just ran into this issue myself. The way Bitwarden chose to implement this might work for organizations, but… we’re just sharing between my spouse and me.
When we started out with BW, I placed several logins that we shared (such as our bank, shared cell phone, etc.) in the “family vault”. But in my haste I added a number of “personal” logins, and also since then it has become necessary to each have our own cell phone, for example. Now I’m finding out that there is no way to assign those logins back to an individual account.
I actually read this entire thread and there is a lot of discussion that it is not actually “sharing” or “un-sharing” but “transferring ownership”, then for heaven’s sake, what is holding you guys up to just add “transferring ownership” back to one of the individuals?
Honestly it can’t be THAT hard to implement. We are not an organization, we are a family. We need this ability to “share/un-share” or “transfer/transfer back”, however you choose to call this.
Thanks for listening
That’s a shame. As I said I read this thread, but I didn’t see any real compelling arguments why it should be so hard to understand what we want/need… not as a company, but as a family.
I used the example of our cell phone account login. Now hubby has two logins he has to choose from: mine (shared) and his own. Forum accounts that we both participate in and that I accidentally shared, same thing: now he has two.
I can think of hundreds of better ways of implementing this for families, and sadly, the competition seems to grasp this. So why can’t Bitwarden?
I don’t think it’s an understanding issue, rather than them trying to “stall” for time. It’s been well over 2 years since this was requested and it wasn’t changed most likely because it seems that their main customer is the companies not us, the “regular” users.
Their priority in that case will of course be to satisfy the bigger investors rather than the smaller ones. Since what we’re asking is not something that would affect the big investors, as in companies “unsharing” is not that important, this will be put at the end of the list along with the other things that the big boys are not interested in. Perhaps it is even deliberately moved to the end of the backlog in attempt to make someone invest in changing it.
Until they will run out of things to implement that the big investors are asking for, or until one of them specifically invests for this functionality, I don’t think we’ll see this anytime soon.
The way I see Bitwarden’s vault logic work with “sharing” is quite similar to 1Password. Although I find flaws with 1Password, they are not as many as with Bitwarden. So if they really had this option as a priority, there is no way they could say they don’t know what we’re expecting from it or that they don’t understand it, as it’s been already well defined in other products.
However, in terms of the way they work, I am not happy with either, because both present security risks to me as the OWNER of the credentials, unlike an enterprise where the owner is the “organization”. For both, you lose “ownership” of your credential. This is a no-no for anyone thinking it through.
I am moving the whole family from a competing password manager over to Bitwarden and discovering the lack of this feature (whatever we want to call it) is a major disappointment.
I really want to encourage open-source and the Family Plan has been paid for 12 months. I sincerely hope this will be implemented by then.
Keep up the good work!
Thanks @flashpaz!
One option is to have collections for each user that aren’t shared with everyone else. This way, if you want to ‘unshare’ something, you can assign it to a collection that only you have access to.
Note: I know this is not the root-requirement for this thread, and we are paying attention.
The problem with this approach is that family owners can see the contents of all collections, even those that aren’t explicitly shared with them.