Organisations and password deletion

Hello,

We are currently using Bitwarden Enterprise as a test within our organisation but a few speedbumps have crossed our path. We are trying to figure out how to protect Collections and their items from rogue users, misstakes etc.

Given the following scenario

  • User A has gone rogue and deletes all password within Collection A. User A then continues to delete all items in the Trash, permanently.

How can we best avoid the above from happening? We can give User A read access to the collection, but if that user signs in to a page and it prompts for a new password due to expiration, the new password will not be automatically updated in the collection due to the read-only access.

This is the dilemma we face. We cannot understand why there is not a delete permission in groups. We also find it odd that regular users can permanently delete collection items from the trash.

How should we go about this?

2 Likes

Hi.

This is also my dilemma…

I’m implementing bitwarden Teams in my company and this is a problem we are facing and downt know how to solve it.

Any help from the community will be much appreciated.

Thank you

Hi again,

After thinking around a possible solution for this issue, I believe one good option would be to limit the access to the Organization Vault Trash only to Owners and Admins.

Look forward to other comments…

2 Likes

I suggested to our account manager to add a delete permission for groups, restricting users from deleting Collection items. Also limiting users from deleting Collection items from the vault would make sense unless the item was shared by the user.

2 Likes

We are faced with this (very basic and very valid) situation as well.
Rogue employees are a real thing, this scenario should be the simplest way for Bitwarden to give everyone the tools they need.

Not having a mechanism to prevent rogue deletion of collections and passwords in the group vault is a huge pitfall, but i’m not sure Bitwarden can code their way out of this problem easily.

Hey there, the team is working on flexible collections management and improving functionality around collection permissions.

Thanks @dwbit, this is amazing news. Do not get me wrong I appreciate your answer but it is to vague. Can you elaborate on what is being improved, when we can expect to see these changes?

Hey Martin, we will have more to share soon as this is still in development, it will allow for smoother collection management process as well as a more granular refinement of permissions. Details to come :+1: