Allow lower level users (like Admin? Manager?) to create and manage Collections that the Owner can see, but not open to view the details of the login creds, cards, etc.
I wanted to subscribe to a Premium Family account for me, my wife, my daughter and her husband. We all share a few login creds (global Collection). My daughter and her husband have other login creds they share but my wife and I should not have access to (like their bank and credit card accounts). Same scenario for my wife and me. Since someone has to be the owner of the family org, that person can see every login cred in every Collection in the family org.
Thanks for your consideration.
Dave in TN
dh024: I was not aware there could be more than one owner in a Premium Family org. I didn’t see that mentioned in any of the marketing or Support articles I read. Thanks for the heads up. I will explore this further with the 2-person free family org. I’m testing with now. Thanks again for the idea and strategy.
dh024: I tried the strategy of setting up 2 users as Owners, each creating a Collection, and trying to restrict the other owner from viewing and using the other Owner’s Collection. This did not work. Both Owners could view and use the Collection the other Owner created. Thanks for the idea.
I still believe this would be a good enhancement to the BW system. Hopefully it will be considered in the future.
Hi @DaveinTN - if you want to hide collections so the different owners can’t see it, follow the advice here (I posted this in your other thread, but you may have missed it):
If you want to do more than this - that is, make the collection entirely inaccessible between owners, then you will have to create a second organization (e.g., the two-person free organization that Kent mentioned). My apologies if I confused “not see” with “not access” collections in your intent.
dh024: thanks for confirming what I tested and experienced. As Owner of the Family Org, when I use Web Vault, I can view/access any login in any Collection (but not the logins in the individual Personal Vaults). I have suggested a separate free 2-person family org. to my daughter and son-in-law for their logins they need to share, while using my Premium Family org. for sharing logins between us all and for encrypted file transfers.
I appreciate all your help while I was testing and exploring how we could use the BW system.
I think this is a valid feature request. There should be a way for others in my family organization to share passwords with each other, without me having access.
That being said, I’m really hoping that Bitwarden adds a way to share passwords outside of organizations, because there are so many legitimate use cases for maintaining ownership of a password, and sharing it with people who would not naturally be in an organization together.
As a family/business, it’s a liability to have one account able to access all entries of all collections.
I’m not sure exactly how other services do it, but I could imagine:
A role which is able to create collections. Any role above that also can create collections.
Owners can enable/disable private collections. When disabled, all collections must have all owners checked under accessible users. When enabled, the only restriction is that at least one user must have full access. It does not have to be the creator.
This would allow me to create collections for my parents to use without me having access and without me having to physically control their device for them.
Perhaps in a technical sense it would be easier to have the restriction that private collections must require the creator to have full access (assuming they must generate a key on creation)
Anywho, this feature gets my vote, but it might actually be easier for my parents to just use the “share individually owned passwords” feature…?