Member Roles and Permissions
Members of Bitwarden organizations can be granted a variety of roles and levels of permission for collections. You can set roles and collections permissions when you invite users to your organization, or at any time from the Members screen in your organization using the Options menu:
Role determines the what actions a member can take within the context of your organization's available tools. Roles do not determine which collections they have access to.
When you turn on collection management, all Managers to members with the User role and automatically provided them a new Can manage permission over assigned collections. They will retain the ability to fully manage those collections, including the ability to assign new members or groups access. This release also:
Migrated members with a custom role that includes Edit assigned collections to the User role with Can manage permission over those collections.
Migrated members with a custom role with only Delete assigned collections to the User role with no permission over those collections.
Deprecated the Access all existing and future collections permission and granted all users that had this permission Can manage permission for all existing collections.
Only an owner can create a new owner or assign the owner type to an existing user. For failover purposes, Bitwarden recommends creating multiple owner users.
Custom roles are currently available for Enterprise organizations. Selecting the Custom role for a user allows for granular control of permissions on a user-by-user basis. A custom role user can have a configurable selection of manager and admin capabilities, including:
Access event logs
Manage all collections (provides the following three options)
Create new collections
Edit any collection
Delete any collection
Custom users with the Manage users permission can manage other custom users, however they can only assign other custom users the permissions that they themselves have.
Manage account recovery
Permissions determine what actions a user can take with the items in a particular collection. While role can only set at an individual-member level, permissions can either be set for an individual member or for a group as a whole: