Allow User to *add*, but *not* edit or delete to an Organisation/Collection

Hey all

After having a discussion with Bitwarden(BW) support a feature I think would be useful was found to be missing from the platform’s featureset.

As BW is currently setup users in an Organisation(Org) have either unlimited access, add, edit, delete, or very limited access such as not even being able to view passwords.

In my own use case I am just a home user with a single Org, but for me having the ability to nominate users who can add, but not edit or delete existing data in the Org would be useful to me.

Broadening the idea to a large company with an Org allowing an admin to select users with the ability to add data to vaults would be a way of securely capturing data while ‘in the field’ or even ‘wfh’ and avoids handling sensitive data in insecure ways before an admin/manager/power user can enter it later. The data protection benefits of this seem to be obvious. Admins and Managers could switch on and off the facility for a user(s), to prevent abuse of the ability.

Not allowing the user to edit or delete INCLUDING any data they add-once they add it and save it they no longer can edit or delete it-protects the integrity of the Org data that already exists.

Coming back to my own domestic use case, I have several users who would be of poor IT skills, and giving them unlimited access to an Org with shared details that may not be reliably backed up elsewhere could be catastrophic if they mash ‘ctrl-A and delete’. :smiley: This would also apply to a large business with multiple collections and Orgs where giving the wrong user edit powers would be potentially devastating.

Having the ability to add data to an Org would be a nice middleground between allowing users too much access, as it seems to be now, or too little where that access is of little use.

This is a feature I have settled on seeking from my own situation, but I hope I’ve given a rationale why it would be useful beyond just this domestic user.

Thanks for the feature request! Expanding custom roles is definitely on the team’s radar :+1:

2 Likes

Great to hear! It is a bit lacking as it is currently setup, and the ‘custom’ area hasn’t much in the way of customisation for general access controls.