Premium to Family confusion

I could use some help.

I started as user 1 with a premium account and imported PW from other client. I added a second premium account for user 2. I am the admin for both. I needed a better option for sharing, so I went to a Family account. I added collections for myself, user 1, along with user 2 plus other collections (like an archive collection, etc.). Now I have the family account (with collections) a user 1 account/vault (with its own collection), a user 2 account/vault (with its own collection), and somehow, in my family admin console, I have a separate vault for user 2 in, I think, the family collection.

So, I have the family account & collections, a user 1 account and its collection, a user 2 account and its collection as well as a user 2 vault(?) within the family account.

Also, when using the browser extension, I get multiple offered logins that are both from one or more an individual vaults and collections. I would prefer to just see the one login instead of multiple similar logins from different areas (vaults and collections) in bitwarden.

I want to simplify the use of all this. Ideally, I’d like to have user 1 and user 2 with their separate account, but eliminate their individual collections because I want to just use the family collections. Then, I’d like to have just a family account with a collection for each user 1 and 2, along with other various collections I find convenient, such as an archive collection.

I keep reading the instructions, videos, etc. but I cannot figure this out. It’s like I’m besieged by vaults, accounts, and collections. I’m trying to both simplify and avoid duplicates. I would appreciate some help with this.

Thanks,
Jerry

It does indeed sound confusing!

I think the first thing to figure out is, how many organizations did you set up? Other than the Family organization, did you ever set up a Free organization owned by either User 1 or by User 2?

The reason I ask is that you wrote that you have “a user 1 account/vault (with its own collection), a user 2 account/vault (with its own collection)”. However, collections always belong to organizations, not to individual users. You also wrote “I’d like to … eliminate their individual collections because I want to just use the family collections” — again, collections can only belong to an organization, not to an individual user.

So, unless you set up a second (and third!?) organization in addition to your Family organization, then all of the collections should belong to your Family organization.

Collections are simply a way of efficiently setting permissions (e.g., who can see, edit, add, or delete shared items) for items that are stored in the organization vault. Instead of defining permissions for each individual item in the organization vault, you must assign organization items to a collection and then set the permissions for the collection; the permissions that have been set up for a collection are applied to all items contained within that collection. Thus, if you want two organization items to have different permissions (e.g., one item viewable by both users and another item viewable by neither user), then these two items must reside in two separate collections. If two organization items will have the same permissions, then they should reside in the same collection.

Can you provide us with a list of all collections in your Family organization (redacting the collection names, if necessary), and indicate what permissions User 1 and User 2 have for each of these collections?

Furthermore, do either User 1 or User 2 belong to any organization other than the Family organization?

I will post the information you requested separately. Thank you.

1 Like

User1. Me. Premium BW account which will ultimately downgrade to a free account.
One organization and no collections. Sole access.

When I open BW I see: all vaults, my vault (user1), family, user2. I also receive a notice: Notice. Unassigned organization items are no longer visible in the All vaults view and only accessible via the Admin Console. Assign these items to a collection from the Admin Console to make them visible.

User2. Premium BW account which will ultimately downgrade to a free account.
One organization and one collections. User1 & User2 have manage access.

Family account.
Family organization & User2 organization.
Family organization with 5 collections C1, C2, C3, C4, C5 & 1 unassigned.
I manage collections. C5 only has view access for user2.

Family account also has a user2 organization with one collection (and an unassigned). I (user1) can manage this collection, and user2 has view access.

Basically, what I’m trying to achieve is for me to have control over the information while giving read access to user2, who is a bit of a Luddite and simply does not want to deal with any of this except to have passwords when necessary. They want no management responsibilities. I only need to have a limited number of passwords for them to access (in their collection, and assign view access whenever requested). I manage the underlying data, i.e. URL’s, passwords updates, etc.

Thanks for the response. I’m still a bit confused by your situation.

It sounds like you may have set up three different individual Bitwarden accounts (each with a different email address for logging in):

  1. User 1 account (“Lrrr” — i.e., you).

  2. User 2 account (“Ludd” — i.e., the Luddite).

  3. Family plan owner account (“Lrrr2” — also you, but using a different email address for logging in).

Is this accurate? In the list above, I have given each login account a nickname (“Lrrr”, “Lrrr2”, and “Ludd”), just to be able to keep things straight. For what it’s worth, this is already an unusual arrangement; you would normally just use your original account (User 1 = “Lrrr”) and set up to Family plan with that account as the owner of the family organization.

Furthermore, it seems that you may have set up one (or even two) Free organizations in addition to the Family organization. Apparently, one of these Free organizations is named after User 2 (“Ludd”) — let’s refer to this organization vault as the “LuddOrg” vault. At this time, it is unclear to me which of the three accounts is the owner of this “LuddOrg” organization. I believe that you are seeing the “LuddOrg” vault when logged in as User 1 (“Lrrr”), and are incorrectly interpreting this organization vault as being the individual vault belonging to User 2 (“Ludd”) — presumably because you have given that organization a name that is the same as User 2’s name (“Ludd”).

This part of your response is confusing, however:

The sentence above implies that the “user2 organization” (which I described as “LuddOrg” above) has three members: User 1 (“Lrrr”), User 2 (“Ludd”) and the Family plan owner (“Lrrr2”). This should not be possible if “LuddOrg” is a Free organization, as Free organizations are limited to having 2 members only. Thus, it is important to clarify which account you were referring to when you said that “I (user1) can manage this collection”; did you actually mean to refer to your User 1 account (“Lrrr”), or is it your “Lrrr2” account (the Family plan owner account) that can manage this “LuddOrg” collection?

Sorting out the details surrounding the points of confusion noted above will be helpful.

However, in the end, it may be best to export the contents of the Free organizational vaults, then import those contents into the Family organization vault, and finally delete all Free organization vaults. Subsequently, you can work on arranging the organization items into a set of collections, and configure the permissions of each collection to meet your need.

You will probably also need to consolidate your “Lrrr” and “Lrrr2” individual accounts into one, unless you have a good reason to keep these separate.

I’m working through your response to answer the questions. Some will take longer, but I know that there is no Lrrr2 because I used Lrrr to set up the family account. Other than that, I think you are identifying the confusion in the accounts. Let me jump to your last paragraph.

“However, in the end, it may be best to export the contents of the Free organizational vaults, then import those contents into the Family organization vault”
Q. I thought that the Family vault only had collections in it. I did not think that I could import items into it like a premium/free account.

“and finally delete all Free organization vaults.”
Q. Are you referring to the Ludd vault I created in the family account? Or, are you referring to the original separate premium/free accounts?

Q. If all items (from everywhere) are in the Family vault and sorted into collections, and Lrrr and Ludd have separate sign-in’s, and Ludd is given view access to their collection(s) in the family vault, can I delete the separate Lrrr & Ludd free/premium accounts. If so, have I thereby resolved these aforementioned confusing issues? If so, once I resolve any duplicates, am I then on the right track?

It is this kind of phrasing that makes me think that there is a “Lrrr2” account.

If you truly used the “Lrrr” account to set up the Family organization, then there would be no “family account” (only a Family organization, owned by the “Lrrr” account).

Again, this use of the terms “vault” and “account” do not make sense. As noted above, there is no such thing as a “family account” (unless you are referring to a “Lrrr2” account, the existence of which you have denied). Also, you cannot create a vault — you can create individual Bitwarden accounts (e.g., “Lrrr”, “Ludd”, “Lrrr2”), and you can create organizations, but there is always just one vault for each created user account and one vault for each created organization.

If you are using your words to mean something different from the standard definitions, could we please agree to the following terminology?

  • Account: A Bitwarden account requires specification of a unique email address as the username when logging in to a Bitwarden app. Each account has its own email address. Anything that uses the same email address as the Bitwarden login username is the same account. Thus, there is a one-to-one correspondence between individual Bitwarden users and their accounts.

  • Organization: An organization does not have its own account. However, each organization is owned and administrated by a user who has an individual account. Also, multiple users can be members of an organization. There are paid organizations (e.g., Family plans) and free organizations. If you are referring to an organization, please do not use the term “account”.

  • Vault: A vault is a container that holds items like login credentials, secure notes, credit card data, or identity (contact) information. Each individual account (user) has one associated individual vault. Each organization has one associated organization vault. A vault item (login, secure note, card, or identity) can be stored only in one vault (either an individual vault or an organization vault). Data can be exported from or imported into any vault (whether an individual vault or an organization vault).

 


 

To address some of your other statements and questions:

As explained above, items (login credentials, secure notes, cards, or identities) can be stored in either an individual vault, or in an organization vault. When stored in an organization vault, items should be assigned to at least one collection. Collections are strictly for the purpose of managing permissions (i.e., who can view, edit, add, or delete items).

You can import items into either an individual vault or an organization vault. Instructions for how to import into an organization are available here.

 

No, I am not referring to any free or premium accounts (e.g., the “Lrrr” or “Ludd” user accounts), nor am I referring to the individual vaults associated with those accounts. I am referring specifically the the “LuddOrg” organization, which you evidently created from either the “Lrrr” account or the “Ludd” account (or the “Lrrr2” account, if it exists) and gave the name “Ludd”. Since you never mentioned paying for an organization subscription other than the Family plan, I am assuming that the “LuddOrg” organization is an unpaid organization; such free organizations are limited to having 2 users as members, and 2 collections for managing items stored in the organization vault. However, you made a comment earlier that implied there are three users who have access to the “LuddOrg” vault, which would not be possible if it is a free organization. Thus, there is still considerable confusion on my part regarding how your accounts and organizations are set up.

 

Oh, no… What do you mean by a “sign-in”? There is no such thing in Bitwarden, unless you are referring to the user accounts (see terminology definitions above). Thus if you delete the user accounts belonging to “Lrrr” and “Ludd”, they will no longer be able to sign in anywhere, and their individual vaults will be deleted (resulting in the loss of all items stored therein). Furthermore, if your Family organization was created from your “Lrrr” account (as you’ve claimed), then you will have a problem when you delete that account.

You should not delete to Bitwarden account of any individual user who still needs access to either their own personal vault items or to items in an organization vault. The only exception is that if you do in fact have an “Lrrr” account and a separate “Lrrr2” account, then you should consolidate the vault contents from those two accounts and subsequently delete the superfluous account.

Got it. Beginning to understand the way BW works:

Account: There are only 2 accounts, Lrrr and Ludd.

Organization: There are 3 organizations, Lrrr (premium), Ludd (Free), and Family

Vault: There are 3 vaults, Lrrr, Ludd, and Family

If I open my (Lrrr) vault, it shows all my items. There is no collection.

If I open Ludd’s vault, it shows all their items. There is a Ludd collection that seems to be duplicates of what is in the vault.

If I open the Family vault, it is populated by (I think) all the existing items from the other vaults. There are 5 collections: Default collection (empty), Lrrr’s collection (appears to be duplicates of Lrrr’s vault), Ludd’s collection appears to be duplicates of Ludd’s vault), and an Archive collection.

Moving forward, I will leave the existing 2 accounts alone.

I “think” I need to do the following, but I may be incorrect:

  1. Move all the items in my Lrrr premium vault into the Lrrr collection in the Family organization vault.

  2. Move all the items in the Ludd organization vault into the Ludd collection in the Family organization vault, and then delete the Ludd collection in the Ludd vault.

  3. This should leave Lrrr and Ludd with no vault items, and no collections.

  4. Then, go the Family organization vault, which should contain all the items from the other vaults. Assign those items needed by Ludd into a Ludd collection, giving Lrrr & Ludd access. Manager to the former and viewer to the latter.

  5. Then, since Lrrr manages the Family vault, which contains all (everyone’s) items, I could remove the Lrrr family vault collection since all the items are in the family vault, to which Lrrr has access. Should Ludd need access to a new item, I could then assign it a view status to that item in the Ludd collection.

Is this correct?

Close, but there is still some confusion of terminology or of the factual details.

If you have set up three organizations (which, for sake of avoiding confusion, we should call “LuddOrg”, “LrrrOrg”, and “Family”), then each of these organizations contains one and exactly one organization vault. In addition, every account has one and exactly one individual vault associated with the account. Therefore, if it is accurate that you have 2 accounts and 3 organizations, then there must be five (5) vaults:

  1. The “Lrrr” account individual vault;
  2. The “Ludd” account individual vault;
  3. The “LrrrOrg” organization vault;
  4. The “LuddOrg” organization vault;
  5. The Family organization vault.

It is also not clear what you are doing when you write:

It is important to specify which account you are logged into when opening these vaults, and also to be clear about whether you are opening the individual vault (“My Vault”) associated with the account that you are logged in to, or whether you are opening one of the organization vaults (e.g., are you opening Ludd’s individual vault after logging in to the “Ludd” account, or are you opening the “LuddOrg” organization vault after logging in to one of the other accounts?).

Moving forward:

What you need to do depends on what you are trying to accomplish, and the extent to which the two users (you and “Ludd”) need to be able to see or edit each others’ credentials.

Do you or do you not have any vault items that are private to you, that never need to be accessed by “Ludd”?

FYI, you will not be able to prevent “Ludd” from creating and keeping private vault items that are not accessible to you, but based on your description, they are unlikely to do attempt this. Regardless, if there are any vault items currently in use by “Ludd” that they wish to prevent access to by other members of the Family organization, please let me know.

Do you and “Ludd” have any items that you both wish to use (i.e., login credentials for a shared account), or is the sharing strictly for the purpose allowing you to manage Ludd’s items?

When you are logging in to your own accounts (on various websites, bot Bitwarden) using your stored credentials, do you wish to hide Ludd’s credentials so that they are not visible to you?

“If you have set up three organizations (which, for sake of avoiding confusion, we should call “LuddOrg”, “LrrrOrg”, and “Family”), then each of these organizations contains one and exactly one organization vault. In addition, every account has one and exactly one individual vault associated with the account. Therefore, if it is accurate that you have 2 accounts and 3 organizations, then there must be five (5) vaults:”

  1. The “Lrrr” account individual vault; YES
  2. The “Ludd” account individual vault; YES
  3. The “LrrrOrg” organization vault; YES
  4. The “LuddOrg” organization vault; YES
  5. The Family organization vault. YES
    “It is also not clear what you are doing when you write:

“If I open my (Lrrr) vault, … If I open Ludd’s vault, … If I open the Family vault,”

When signed into my account I see:

  1. My vault, Lrrr. No collections shown.
  2. Family vault. There is a Lrrr collection, a Ludd collection, an archive collection, and a default collection.
  3. Lrrr vault. No collection. Lrrr vault is empty.

When signed into Ludd account, I see:

  1. Ludd vault, but it’s empty.
  2. Family vault. It has Ludd’s items, and there is a Ludd collection, which seems to duplicate Ludd’s items.

“Do you or do you not have any vault items that are private to you, that never need to be accessed by “Ludd”?”
No. Ludd has my Lrrr sign-in for emergencies and vice versa. Nothing secret. Ludd simply wants to see the minimum items that they need and have me manage them.

“FYI, you will not be able to prevent “Ludd” from creating and keeping private vault items that are not accessible to you, but based on your description, they are unlikely to do attempt this.”
Understood. I have encouraged this, but — Luddite.

“Do you and “Ludd” have any items that you both wish to use (i.e., login credentials for a shared account), or is the sharing strictly for the purpose allowing you to manage Ludd’s items?”
Yes, there are some items are used by both Lrrr and Ludd. But I manage them, i.e. updating passwords, MFA, etc.

“When you are logging in to your own accounts using your stored credentials, do you wish to hide Ludd’s credentials so that they are not visible to you.”
I’d like them to be visible. It’s easier.

It’s really messy. Some vaults are empty, but items are in a collection. Some items are in vaults, but without a collection. My goal is for me to see and manage everything, with Lrrr only seeing what they want to see and/need. If I had my ‘druthers, I’d put everything into a family vault with dual access, but —- Ludd = Luddite.

Can you explain what I need to put where?

I assume that #3 is actually the “LrrrOrg” organization vault, presumably a free organization owned by the “Lrrr” user.

 

I assume that #1 is the “My Vault” individual vault associated with the Ludd user’s account.

In the Family vault, all items that are visible must belong to at least one collection. You are saying that the Family vault contains items you describe as “Ludd’s items” that are outside the Ludd collection (but also appear to be duplicated inside the Ludd collection).

 

(To be continued…)


Sorry, I have to tend to other business, will post the above comments for now and continue my response at a later time.