Hello,

We are currently using Bitwarden Enterprise as a test within our organisation but a few speedbumps have crossed our path. We are trying to figure out how to protect Collections and their items from rogue users, misstakes etc.

Given the following scenario

• User A has gone rogue and deletes all password within Collection A. User A then continues to delete all items in the Trash, permanently.

How can we best avoid the above from happening? We can give User A read access to the collection, but if that user signs in to a page and it prompts for a new password due to expiration, the new password will not be automatically updated in the collection due to the read-only access.

This is the dilemma we face. We cannot understand why there is not a delete permission in groups. We also find it odd that regular users can permanently delete collection items from the trash.

How should we go about this?

Hi.

This is also my dilemma…

I’m implementing bitwarden Teams in my company and this is a problem we are facing and downt know how to solve it.

Any help from the community will be much appreciated.

Thank you

Hi again,

After thinking around a possible solution for this issue, I believe one good option would be to limit the access to the Organization Vault Trash only to Owners and Admins.

Look forward to other comments…

I suggested to our account manager to add a delete permission for groups, restricting users from deleting Collection items. Also limiting users from deleting Collection items from the vault would make sense unless the item was shared by the user.