We are currently using Bitwarden Enterprise as a test within our organisation but a few speedbumps have crossed our path. We are trying to figure out how to protect Collections and their items from rogue users, misstakes etc.
Given the following scenario
User A has gone rogue and deletes all password within Collection A. User A then continues to delete all items in the Trash, permanently.
How can we best avoid the above from happening? We can give User A read access to the collection, but if that user signs in to a page and it prompts for a new password due to expiration, the new password will not be automatically updated in the collection due to the read-only access.
This is the dilemma we face. We cannot understand why there is not a delete permission in groups. We also find it odd that regular users can permanently delete collection items from the trash.
I suggested to our account manager to add a delete permission for groups, restricting users from deleting Collection items. Also limiting users from deleting Collection items from the vault would make sense unless the item was shared by the user.
Hey Martin, we will have more to share soon as this is still in development, it will allow for smoother collection management process as well as a more granular refinement of permissions. Details to come