Organisation Collection Permission

[da4id]

Vaultwarden Support String

Your environment (Generated via diagnostics page)

• Vaultwarden version: v1.33.2
• Web-vault version: v2025.1.1
• OS/Arch: linux/x86_64
• Running within a container: true (Base: Debian)
• Database type: SQLite
• Database version: 3.48.0
• Environment settings overridden!: true
• Uses a reverse proxy: true
• IP Header check: true (X-Real-IP)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• Browser/Server Time Check: true
• Server/NTP Time Check: true
• Domain Configuration Check: false
• HTTPS Check: true
• Websocket Check: true
• HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Environment settings which are overridden: DOMAIN, USER_ATTACHMENT_LIMIT, TRASH_AUTO_DELETE_DAYS, SIGNUPS_ALLOWED, SIGNUPS_VERIFY, SIGNUPS_DOMAINS_WHITELIST, ORG_CREATION_USERS, INVITATIONS_ALLOWED, EMAIL_CHANGE_ALLOWED, PASSWORD_HINTS_ALLOWED, SHOW_PASSWORD_HINT, ADMIN_TOKEN, INVITATION_ORG_NAME, ADMIN_SESSION_LIFETIME, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM, SMTP_FROM_NAME, SMTP_USERNAME, SMTP_PASSWORD, SMTP_AUTH_MECHANISM, SMTP_TIMEOUT, SMTP_ACCEPT_INVALID_CERTS, SMTP_ACCEPT_INVALID_HOSTNAMES

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://**********************",
  "domain_origin": "*****://**********************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": false,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "fido2-vault-credentials",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "BFAG Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "*******************,**********************,*********************,**********",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "*******",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": true,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": "Login",
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "*******************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "*************",
  "smtp_password": "***",
  "smtp_port": 25,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "*************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": 730,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": 102400,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden Build Version

1.33.2

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

nginx

Host/Server Operating System

Linux

Operating System Version

Debian 12

Clients

Web Vault

Client Version

No response

Steps To Reproduce

Hi, i updated from 1.32.2 to 1.33.2 since the Update on feature for permissions is missing

Go to Admin Console
Select Organisation
Members
Select one memeber and press ... on the right side -> Collections
This option is missing in the current Version

Its not possible to add Users to Organisation and grant Permission to all Collections. I need to select all Collections manually and i have a lot of Collections....

Expected Result

Option to grant access to all Collections

Actual Result

Option is missing

Logs

Screenshots or Videos

No response

Additional Context

No response

[da4id]

Currently the dialog looks like this

[BlackDex]

That is by design. Bitwarden changed the way of working.
See:

• https://bitwarden.com/help/about-collections/
• https://bitwarden.com/help/collection-management/

Vaultwarden tried to adopt at least the manager role via the custom role. But there is no way to add this feature back.

[BlackDex]

Then I'm afraid we can't really adjust that rather easily. We do not want to make too much changes to the web-vault, and we do not know what possible impact it might have on all the other parts of the client for example.

[deajan]

Fair enough. Thanks for the feedback.

[senpro-ingwersenk]

Would it be possible to implement some of these options as utilities in the admin page at least? Would help at least a little bit...

Alternatively, what API endpoints would be needed? Could write a script perhaps. https://rest.sh/#/ could be useful here, for that.

[senpro-ingwersenk]

@BlackDex Perhaps not the Web-Vault - but what about the AdminUI on /admin? As far as I am aware, that one is separate and would be free to host arbitrary utilitiys like that...?

[BlackDex]

As mentioned somewhere. That isn't possible either. Vaultwarden doesn't known if collections are nested. Nesting is done by splitting on / in the collection name. And Vaultwarden isn't able to decrypt this.

[deajan]

So I decided to code a quick and dirty tool that leverages the bitwarden CLI API in order to make collection inheritance.
Basically, I use it to connect via the API, select an organization, select a collection, and have all the sub collections inherit from the selected collection permissions.
If course this inheritance isn't dynamic, but at least it allows to avoid manual settings.

Have a look at https://github.com/netinvent/bitwarden_cli_toolkit if you want to play with it.
Feel free to contribute or open feature requests, as long as they're reasonable, I'll try to make them happen.

[owirtifo]

It would be convenient to have a Select all button to be able to select all collections from the list: