Vault Item Sharing

This issue originally was about how to organize vaults so that items could be shared with individuals. It turned into the ‘send’ functionality, which is nice, but not what was originally requested.

Right now, for an organization or a company, the available options for organizing vaults for different teams and different accesses are quite limiting.

Imagine a typical organization of, say, 60 people. There is an executive layer, then a set of line managers who manage teams, and individuals in those teams.

The executive/COO should have access to all passwords, and be able to manage all ACLs. They should be able to create a ‘team’ that is then managed by that team’s manager. That manager should then be able to create users for that team, create collections in that team and logins/passwords that are part of different collections, and give access to the different people in that team who need it. The exec layer should also be able to create passwords for their needs, in their collections as well.

At any time, the manager of a team should be able to revoke the access of any team member, and similarly the exec should be able to revoke the manager’s access (or any individual team member in a team).

There should additionally be a way to have passwords that are not in specific teams, but are one-offs that can be shared with any individual in the organization. When I say “shared”, I don’t mean “send” via Bitwarden; what I mean is to let them have access in Bitwarden to the access, for when they need it.

Right now, I can make an organization which holds passwords that are not team-specific. Let’s say it’s a password for GitHub, and I need three managers of teams to access it. I then have to create a ‘collection’ for each of those users, and the GitHub password is shared into that collection. I then have to invite that user to the organization and give access to view their collection.

This somewhat awkward setup works, but it is quite confusing and weird for everyone. I have to keep explaining it to everyone and everyone gets it wrong. It feels like a hack until something more organized and better built is made; that is what I thought this issue was about. Is there a better issue that tracks this and isn’t about the “Send” functionality?

I see in the 2024 roadmap that there was this feature “New organization vault and user reports” – could this be a better way to solve this problem? Has this been implemented? Where can I see what that feature is/was planned to be?
