Collection management beta
Collections gather together logins, notes, cards, and identities for secure sharing from an organization. Think of collections as organization-equivalents to folders, with a few key differences:
Organization users control access to organization-owned items by assigning users or groups to collections.
Organization-owned items must be included in at least one collection.
Collection management settings can be customized to best fit the needs of your organization. Specifically, there are two options located on the Settings > Organization info screen which you can use:
noot
Vanaf 03/07/24 worden organisaties die collectiebeheer nog niet hebben ingeschakeld in batches gemigreerd naar een bijgewerkte rechtenstructuur. Als je organisatie nog niet is gemigreerd, zal dat binnen enkele weken gebeuren of als je collectiebeheer handmatig inschakelt.
Tijdens de migratie worden alle Managers gemigreerd naar leden met de rol Gebruiker en automatisch voorzien van een nieuwe machtiging Kan beheren over toegewezen collecties. Ze behouden de mogelijkheid om deze collecties volledig te beheren, inclusief de mogelijkheid om nieuwe leden of groepen toegang te verlenen. Dit zal ook:
Migreer leden met een aangepaste rol die toegewezen collecties bewerken bevat naar de rol Gebruiker met de rechten Kan beheren over die collecties.
Migreer leden met een aangepaste rol met alleen Verwijder toegewezen collecties naar de Gebruiker rol zonder rechten over die collecties.
De toestemming Toegang tot alle bestaande en toekomstige collecties is vervallen en alle gebruikers die deze toestemming hadden, hebben toestemming gekregen Kan toestemming beheren voor alle bestaande collecties.
Owners and admins can manage all collections and items
This option will dictate whether users with the owner or admin role are provided management permissions to all collections within your organization. This option is suited for you if, for example, your IT team requires access to all vault items associated with your organization. If turned on, management permissions will allow owners and admins to:
Add, edit, or remove vault items from a collection.
Add or remove users or groups from a collection.
tip
If you want a break-glass account with access to all collections, but don't want all owners and admins to have that access, consider creating a custom role user with the Manage all collections permission.
Limit collection creation and deletion to owners and admins
This option will dictate whether users with the user role are provided with the ability to create or delete collections for themselves and their teams. This option is suited to you if, for example, you want owners and admins to create your organization's collections infrastructure on behalf of your users.
tip
Zelfs als dit is ingeschakeld, kan elke gebruiker nog steeds beheerrechten krijgen voor een collectie, zodat ze de leden en inhoud ervan kunnen beheren als ze eenmaal zijn aangemaakt.
Both options off
With both options turned off, your individual users and teams must be responsible for the creation and management of their own collections and will be using credentials that owners and admins will not have access to.
Consider this scenario for the most principle-of-least-privilege experience and if your owner and admin accounts will be used primarily for organization configuration (e.g. policies) and user management (e.g. setting up SCIM or inviting users manually).
Only 'Owners and admins can manage all collections and items' on
With only this option turned on, your individual users and teams can create and manage their own collections however owners and admins will automatically gain access to them and can opt to create or manage collections on users' behalf when appropriate.
Consider this scenario if your owner and admin team requires predictable access to all vault items associated with your organization for regular auditing or management, but wants to provide users with the flexibility to create collections for themselves and their teams.
Only 'Limit collection creation and deletion to owners and admins' on
With only this option turned on, your owners and admins will be required to create your organization's collections infrastructure on behalf of your users but can also assign individual users to manage the items and people in those collections once created.
Consider this scenario if your owner and admin team requires that shared data be kept within a discrete set of known collections, but doesn't want access to the credentials themselves.
Both options on
tip
If you were a customer of Bitwarden prior to February 20th, 2024, this scenario matches the functionality offered before collections management was released.
With both options turned on, your owners and admins must be responsible for the creation and management of collections on behalf of your users.
Consider this scenario if your owner and admin team requires strict control over the shared credentials used within your organization.