Hello everyone,
Previously, our organization used the Remove individual vault policy to prevent end users from storing credentials in a location that administrators could not manage.
Our onboarding process looked like this:
- Create a dedicated collection for the user
- Instruct the user to save any role-specific or user-specific credentials into that collection
It was a little clunky, but it gave us the level of administrative control we needed.
Recently, it appears this policy has been replaced by Centralize organization ownership. From what I understand, this changes My Vault into My Items and makes those items organization-owned.
Where I’m struggling
In my use case, administrators still do not have direct access to a user’s My Items while that user remains in the organization. That seems to remove one of the main advantages we previously had with user-specific collections.
Example scenario
Suppose an employee goes on an extended leave of absence and is expected to return in several months.
Under the previous workflow, I could simply update permissions on that employee’s dedicated collection and grant their supervisor access to the needed credentials.
Under the new model, it seems I would need to:
- Revoke or remove the user’s access
- Wait until their My Items can be transferred
- Create or reassign a collection
- Share that collection with the supervisor
That feels like a step backward for temporary coverage situations.
What I may be missing
What I’m having trouble understanding is:
- What is the practical advantage of My Items over simply using user-specific collections?
- How are admins expected to handle temporary leave scenarios without removing the user?
- Why not automatically create and assign a collection for each new user instead of introducing a separate My Items area?
Another challenge is that the Bitwarden client appears to default to saving new credentials in My Items, not directly into an organization collection. That increases the likelihood that credentials end up somewhere administrators cannot actively manage unless the user is offboarded.
My concern
From an admin perspective, this feels like it introduces a new storage location that is technically organization-owned, but not operationally manageable in the same way collections already were.
I may be overlooking an intended workflow here, so I’d appreciate any clarification from others who have adopted this policy.
Thanks.