Orgs, Collections, Groups: Recursive permission inheritance

Hello there!

Disclaimer beforehand: We, at my company, are using Vaultwarden as the self-hosted instance. So perhaps this may play into this, but also maybe not… So I wanted to get this out of the way first :slight_smile:

A while ago, an update to the Web-Vault was pushed that removed a checkbox in an org’s collection permission management that would denote that all subsequent collections would inherit those configured permissions. You can see a screenshot in the origin ticket here: Organisation Collection Permission · dani-garcia/vaultwarden · Discussion #5581 · GitHub

That checkbox was super useful, because when we later expanded our collections, subcollections and the like, the permission would be set. And… now it’s gone.

So, I want to ask what I can do here, or if you have an idea. Basically, our structure works a little something like this:

Org (representing a customer)
|- Category (Cloud, Server, Software, ...)
|  |- Sub-Category (Providers, Software-/Platform-Vendors, ...)

So while we may create a customer with a few default categories, we are likely going to extend the sub-categories over time - and now we have to do a lot of manual handiwork to fix them up.

That said… I have no idea how bigger companies properly structure their BW instances. Obviously I have a hunch that it is not too far off from ours, but that the Directory Sync is used to take care of permission management - at least, to some degree.

Do you have any recommendations or ideas? We have around 30+ customers and lord knows how many collections… (I could check with some psql queries, but I already know it's huge).

Thank you very much and kind regards!

There is a feature request topic here:

 

In the meantime, you can accomplish inheritance using a CLI-based script provided by Bitwarden:

 

There is also a third-party tool available (that is based on the Bitwarden script):

With any third-party tools, it is the user’s responsibility to do their due diligence to ensure that their vaults or vault data will not be put at risk by using the tool.

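A dry-run sketch of the inheritance discussed above, as an added example that is not part of the original posts and is not Bitwarden's script or the third-party tool. It assumes nested collections are named with `/` separators and that each record carries a `groups` list with `id`, `readOnly` and `hidePasswords`; those field names, the function names and the sample data are constructed assumptions.

```python
import copy

# Constructed sample data. Field names are assumed, modeled on an org
# collection record with per-group grants; "/" in the name marks nesting.
COLLECTIONS = [
    {"id": "c1", "name": "Cloud", "groups": [
        {"id": "g-admins", "readOnly": False, "hidePasswords": False},
        {"id": "g-support", "readOnly": True, "hidePasswords": True}]},
    {"id": "c2", "name": "Cloud/Providers", "groups": []},
    {"id": "c3", "name": "Cloud/Providers/ExampleHost", "groups": []},
    # Explicit grant on the child: must be kept, never overwritten.
    {"id": "c4", "name": "Cloud/Software", "groups": [
        {"id": "g-support", "readOnly": False, "hidePasswords": False}]},
    # No "Server" collection exists, so there is nothing to inherit from.
    {"id": "c5", "name": "Server/Backups", "groups": []},
]


def nearest_parent(name, by_name):
    """Return the closest existing ancestor of an 'A/B/C' style name."""
    parts = name.split("/")
    for depth in range(len(parts) - 1, 0, -1):
        parent = by_name.get("/".join(parts[:depth]))
        if parent is not None:
            return parent
    return None


def plan_inheritance(collections):
    """Return {collection_id: [grants to add]}; the input is not modified."""
    by_name = {c["name"]: copy.deepcopy(c) for c in collections}
    plan = {}
    # Shallow names first, so grants cascade from the top level downwards.
    for name in sorted(by_name, key=lambda n: n.count("/")):
        child = by_name[name]
        parent = nearest_parent(name, by_name)
        if parent is None:
            continue
        have = {g["id"] for g in child["groups"]}
        missing = [dict(g) for g in parent["groups"] if g["id"] not in have]
        if missing:
            child["groups"].extend(missing)
            plan[child["id"]] = missing
    return plan


if __name__ == "__main__":
    for cid, grants in plan_inheritance(COLLECTIONS).items():
        print(cid, [g["id"] for g in grants])
```

The result is only a list of proposed additions per collection, so it can be reviewed before anything is written back to the vault.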

Thank you for the pointers!

I actually tried to use the bitwarden_cli_toolkit, but unfortunately it is not compatible with 2FA, which we make heavy use of. Apparently, it also works with API keys, but I haven’t quite figured out where to generate those in the web-vault. Will look at this again though, there might be an option there.

Will keep a close eye on the FR - whilst we use collections currently, this might become useful down the line. Migration might suck, but I bet it could be scripted.

In the meantime, I’ll see if the admin scripts can help out. :slight_smile:

Have you tried these instructions?
