We are currently using Bitwarden Enterprise as a test within our organisation but a few speedbumps have crossed our path. We are trying to figure out how to protect Collections and their items from rogue users, mistakes etc.
Given the following scenario:
User A has gone rogue and deletes all passwords within Collection A. User A then continues to delete all items in the Trash, permanently.
How can we best avoid the above from happening? We can give User A read access to the collection, but if that user signs in to a page and it prompts for a new password due to expiration, the new password will not be automatically updated in the collection due to the read-only access.
This is the dilemma we face. We cannot understand why there is not a delete permission in groups. We also find it odd that regular users can permanently delete collection items from the trash.
After thinking around a possible solution for this issue, I believe one good option would be to limit the access to the Organization Vault Trash only to Owners and Admins.
I suggested to our account manager to add a delete permission for groups, restricting users from deleting Collection items. Also limiting users from deleting Collection items from the vault would make sense unless the item was shared by the user.
We are faced with this (very basic and very valid) situation as well.
Rogue employees are a real thing, this scenario should be the simplest way for Bitwarden to give everyone the tools they need.
Not having a mechanism to prevent rogue deletion of collections and passwords in the group vault is a huge pitfall, but I’m not sure Bitwarden can code their way out of this problem easily.
Thanks @dwbit, this is amazing news. Do not get me wrong, I appreciate your answer, but it is too vague. Can you elaborate on what is being improved and when we can expect to see these changes?
Hey Martin, we will have more to share soon as this is still in development. It will allow for a smoother collection management process as well as a more granular refinement of permissions. Details to come.