New Permission concept for Bitwarden

Hello,

To my understanding, the design of Bitwarden is that password access permissions of an object are controlled by the collection it is part of, right? That can be very nice, and you are able to granularly set permissions. However, in bigger environments (we have 400+ employees) it’s really difficult. Let me give you an example:

We are a service provider and have a lot of customers. For every customer, there’s a collection to keep things separated and neat. Several of our teams work with each customer. Every team equals one Bitwarden group (1:1). Every team should only be able to view its own passwords. That requires us to create a sub-collection for every team inside the customer collection with its own permissions. Organizing this is a pain…

Customer A

  • Team 1
  • Team 2
  • Team 3

Customer B

  • Team 1
  • Team 2

Let’s think about a new concept:

When sharing a password, the collection shouldn’t matter so much. It’s more important to decide with whom you want to share an object. So, first select the collection you want to put it into, and then the team (group) you want to share it with. That way, everybody could put the passwords in the same customer-collection:

Customer A
Customer B
Customer C

I hope I was able to describe my problem. We currently have ~370 customers and 35 teams/groups, which makes 12,950 collections in total… and every collection has to have its own permissions. That’s a nightmare. I don’t want to be rude, but from that point of view, Bitwarden isn’t suited to large environments.
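
The two schemes described in the post, as an added example that is not part of the original post and is not Bitwarden code or its API: a simplified Python model of the access decision under each scheme and of how many collections each one requires. All function names, the item structure and the sample data are constructed for illustration.

```python
"""Simplified model of the two sharing schemes in the post (constructed data, not Bitwarden code)."""
from itertools import product


def build_current(customers, teams):
    """Current scheme as the post describes it: one sub-collection per
    (customer, team) pair, each carrying its own permissions."""
    return {f"{c}/{t}": {t} for c, t in product(customers, teams)}


def can_view_current(acl, user_groups, item_collection):
    """Access follows from the collection the item is stored in."""
    return bool(acl.get(item_collection, set()) & set(user_groups))


def can_view_proposed(item, user_groups):
    """Proposed scheme: the collection only organises; the groups picked
    when sharing the item decide who can view it."""
    return bool(item["groups"] & set(user_groups))


def collections_needed(customers, teams, proposed):
    """Number of collections that have to exist under each scheme."""
    return len(customers) if proposed else len(customers) * len(teams)


if __name__ == "__main__":
    customers = ["Customer A", "Customer B"]
    teams = ["Team 1", "Team 2", "Team 3"]
    acl = build_current(customers, teams)
    item = {"collection": "Customer A", "groups": {"Team 2"}}  # hypothetical item
    print(can_view_current(acl, ["Team 2"], "Customer A/Team 2"))
    print(can_view_current(acl, ["Team 1"], "Customer A/Team 2"))
    print(can_view_proposed(item, ["Team 2"]), can_view_proposed(item, ["Team 1"]))
    print(collections_needed(range(370), range(35), proposed=False))
    print(collections_needed(range(370), range(35), proposed=True))
```

In this model the proposed scheme stores the access decision on each item, so an access review would read every item's group list rather than one permission set per collection.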