Don't allow permanent deletion. Archive it!

Goal

Teams/Enterprise user with regular edit permission shouldn’t be allowed to delete an entry permanently.

Feature function

There are many ways to achieve the above end goal

  1. Move it to Archive collection which only admin has access to.
  2. Add permission to prevent moving to trash but only allow edits. Since previous passwords are always available

Drawbacks of various workarounds

Set users permission as ReadOnly

  • This severely restricts users from editing an existing entry. Instead they have to contact admin over insecure means so that the admin can update the password.

Trash Feature Workaround

  • User with Edit permissions can empty the Trash
  • Trash itself empties after 30days! automatically.

Export as Backup workaround

  • The whole purpose of BitWarden is so that we don’t have to manage sensitive credentials, backups just punt the problem back to the user.

Related topics + references