Permissions per Collection

Feature name

Permissions per Collection.

Feature function

Currently, Permissions like Manager are for all or for all assigned Collections.
I propose that these Permissions can be set for each Collection independently.

My use case is different departments which have different Managers, but if Manager1 from department1 is added to a Collection of department2 (from Manager2), he is a Manager there as well. But Manager1 should not be Manager of this Collection.
With this Feature, an Escalation of Privileges can be avoided, because if Manager2 adds Manager1 to his Collection as a Read-Only User, Manager1 can change his own access rights to this Collection!

It would be a huge benefit for all larger Companies!

Related topics + references

Collection permissions

2 Likes

I wonder how this request doesn’t get more attention. Do other organizations not care that once a user is a manager, they can manage all the assigned collections and not just particular ones?

3 Likes

Thanks for the feedback everyone, the team is looking at making improvements in this area.

2 Likes

I’d like to create groups and then give those groups individual higher permissions to collections. As it stands you can give higher permissions only to individual users, but then you get very non-ideal things like:

  • They can then create any collections they like (I’d prefer to allow people to only generate nested collections and/or folders within collections if that ever gets implemented)
  • They get to see a list of all the organisation’s collections, even if they don’t have access to them - which is a pretty big data leakage issue, in my mind.

1 Like

Came here thinking there must be a way. Really? Please tackle this, Bitwarden!

1 Like

Thanks for the feedback all, the team is working on ‘flexible’ collections that will improve this flow.

1 Like

Any updates on this?

Thanks for checking in! This work is currently in development and should be released later this year. It is also listed on the Roadmap under “Collection permissions”.

Will the updated Collection Permissions include the ability to allow someone to add to a collection but have no ability to view/edit the collection?

I.e., we have a couple of IT collections and a Finance collection; neither has access to the other. However, the IT team would like the ability to select the Accounts collection so that team can see the credentials too.

For example, we might have a credential that Desktop Support, Infrastructure and Accounts need to see; the ability for them to select the other teams, even if they don’t have access, would be really helpful.