Hello everyone,
I’m new to Bitwarden and currently trying to integrate it into our small business. I’ve already run into a challenge regarding roles, permissions, and collection access, and I’d really appreciate your thoughts or some guidance. I did search through the forum beforehand, but didn’t find a fully satisfying answer.
At the moment, I have the role “Admin”, which essentially allows me to do almost anything within our organization. That’s fine in general, but the first issue came up when our business owners wanted to create a collection that only they should have access to.
There is a global setting that allows Owners and Admins to manage all collections and view all items. From what I understand, enabling this makes it impossible to keep certain collections restricted to Owners only. Is there any way to separate this permission so that only Owners have full access, while Admins can still manage the system without seeing sensitive data?
Another concern I have is that, even if I disable that setting, it seems like an Admin could potentially grant themselves access to collections anyway. So from a security perspective, it feels like the only way to truly restrict access is to limit the Admin role itself quite heavily — is that correct?
What I also don’t fully understand is the practical distinction between Owner and Admin. If Admins can effectively escalate their access (directly or indirectly), what is the intended boundary between these roles?
I’d really appreciate any insights or best practices on how to handle this scenario in a real-world setup. For me, it seems that I have to set up every collection, including permissions, and then basically lock myself out of the admin role, become a standard user, and only ever get any policy changes through my business owners, who do not really have time for administering stuff like this.
Thanks a lot!
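The practical question behind the post is "who can actually read a given collection, and who could give themselves access?". The following is an added audit script, not code from the post or from Bitwarden. It works on constructed sample data whose field names (`type`, `collections`, `readOnly`, `manage`) are assumed to mirror the shape of Bitwarden's Public API member and group objects; the `groups` list on each member, the role codes (0 Owner, 1 Admin, 2 User, 4 Custom), the single boolean standing in for the org-wide "Owners and admins can manage all collections and items" setting, and the set of roles assumed able to edit collection assignments are all assumptions that should be checked against the organization's real export before relying on the output.

```python
"""Effective-access audit for organization collections (added example).

Assumptions, not verified against Bitwarden:
- Member/group objects use the field names below (assumed to mirror the
  Public API); "groups" on a member is a convenience for this example.
- Role codes: 0 Owner, 1 Admin, 2 User, 4 Custom.
- admins_manage_all models the org-wide "Owners and admins can manage all
  collections and items" setting: when True, Owners and Admins see every
  collection regardless of explicit assignment.
- ASSIGNMENT_EDITORS lists roles assumed able to edit collection access
  even when that setting is off (the "self-grant" concern in the post).
"""
from typing import Dict, List, Set, Tuple

OWNER, ADMIN, USER, CUSTOM = 0, 1, 2, 4
ROLE_NAMES = {OWNER: "Owner", ADMIN: "Admin", USER: "User", CUSTOM: "Custom"}
ASSIGNMENT_EDITORS = {OWNER, ADMIN}  # assumption, see module docstring

# Constructed sample data (not a real export).
MEMBERS: List[dict] = [
    {"id": "m-owner", "email": "owner@example.com", "type": OWNER,
     "collections": [{"id": "c-owners", "readOnly": False, "manage": True}],
     "groups": []},
    {"id": "m-admin", "email": "admin@example.com", "type": ADMIN,
     "collections": [], "groups": []},
    {"id": "m-alice", "email": "alice@example.com", "type": USER,
     "collections": [{"id": "c-shared", "readOnly": True, "manage": False}],
     "groups": ["g-it"]},
]
GROUPS: List[dict] = [
    {"id": "g-it", "name": "IT",
     "collections": [{"id": "c-shared", "readOnly": False, "manage": True}]},
]


def effective_access(collection_id: str, members: List[dict], groups: List[dict],
                     admins_manage_all: bool) -> Dict[str, List[str]]:
    """Map email -> list of reasons the member can read collection_id.

    Reasons come from three paths: implicit role access (only when the
    org-wide setting is on), direct assignment, and group assignment.
    """
    group_index = {g["id"]: g for g in groups}
    access: Dict[str, List[str]] = {}
    for m in members:
        reasons: List[str] = []
        if admins_manage_all and m["type"] in (OWNER, ADMIN):
            reasons.append(f"implicit: {ROLE_NAMES[m['type']]} role with org setting enabled")
        for ca in m.get("collections", []):
            if ca["id"] == collection_id:
                reasons.append("direct" + (" (read-only)" if ca.get("readOnly") else ""))
        for gid in m.get("groups", []):
            g = group_index.get(gid)
            if g is None:
                continue  # dangling group reference in the export; skip it
            for ca in g.get("collections", []):
                if ca["id"] == collection_id:
                    reasons.append(f"via group {g['name']}")
        if reasons:
            access[m["email"]] = reasons
    return access


def audit(collection_id: str, allowed: Set[str], members: List[dict], groups: List[dict],
          admins_manage_all: bool) -> Tuple[Set[str], Set[str]]:
    """Compare intended readers of a collection against reality.

    Returns (unexpected_readers, self_grant_capable):
    - unexpected_readers: members who can read it today but are not allowed
    - self_grant_capable: members not allowed who hold a role assumed able
      to edit collection assignments, i.e. could add themselves later
    """
    can_read = effective_access(collection_id, members, groups, admins_manage_all)
    unexpected = set(can_read) - allowed
    self_grant = {m["email"] for m in members
                  if m["type"] in ASSIGNMENT_EDITORS and m["email"] not in allowed}
    return unexpected, self_grant


if __name__ == "__main__":
    owners_only = {"owner@example.com"}
    for setting in (True, False):
        unexpected, self_grant = audit("c-owners", owners_only, MEMBERS, GROUPS, setting)
        print(f"admins_manage_all={setting}: unexpected readers={sorted(unexpected)}, "
              f"could self-grant={sorted(self_grant)}")
```

Run against the sample data, the script shows the two separate findings the post is worried about: with the org-wide setting on, the Admin is already an unexpected reader of the owners-only collection; with it off, the Admin no longer reads it, but still appears in the "could self-grant" set because the role is assumed able to edit collection assignments. The second finding only goes away by changing the role, not the collection, which is the distinction worth checking in the real organization.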