Mirror of https://github.com/bitwarden/help, synced 2026-01-09 03:53:15 +00:00
Release (#585)
* Promote to Staging (#567)
* mobile launch in GS Guide
* recovery code note -> when does it change
* EA + forgot MP
* Send in Feature tables
* BE Badge Counter
* Send hidden email option
* weak passwords sort
* safari biometrics
* custom fields - keys
* FIDO Updates
* release notes
* updates to user types article (not rel-related)
* Folders Correction (interplay w/ shared items) (non rel-related)
* Send Options Policy
* Hide Custom Fields Update
* rn updates
* final release edits
* safari-biometrics-updates
* biometrics safari fix
* fido list update
* rn date
* link fix
* Update attachments.md
* Update cli.md
* Update 2020-plan-updates.md
* Update about-bitwarden-plans.md
* Update premium-renewal.md
* Update what-plan-is-right-for-me.md
* Update why-choose-bitwarden-for-your-team.md
* Update about-send.md
* Update create-send.md
* Attachments note
committed by GitHub
parent e6f2177f5f
commit 0407739fec
@@ -110,3 +110,11 @@ Vault Items that were created prior to the implementation of this policy or prio
|
||||
Enabling the **Disable Send** policy will prevent non-Owner/non-Admin users from creating or editing a Send using [Bitwarden Send]({% link _articles/send/about-send.md %}). Users subject to this policy will still be able to delete existing Sends that have not yet reached their [Deletion Date]({% link _articles/send/send-lifespan.md %}).
|
||||
|
||||
A banner is displayed to users in the Send view and on opening any existing Send to indicate that a policy is restricting them to only deleting Sends.
|
||||
|
||||
### Send Options
|
||||
|
||||
Enabling the **Send Options** policy will allow Owners and Admins to specify options for creating and editing Sends. Owners and Admins are exempt from this policy's enforcement. Options include:
|
||||
|
||||
|Option|Description|
|
||||
|------|-----------|
|
||||
|Do not allow users to hide their email address|Enabling this option disables the [Hide Email option]({{site.baseurl}}/article/send-privacy/#hide-email), meaning that all [received Sends]({{site.baseurl}}/article/receive-send) will include whom they are sent from.|
|
||||
|
||||
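Review bot: the new Send Options section does not say what happens to existing Sends that already use Hide Email once "Do not allow users to hide their email address" is enabled, whereas the Disable Send paragraph directly above it spells out how existing Sends are treated. Add a sentence stating whether the option affects only Sends created or edited after the policy is turned on. The two links in the table row use `{{site.baseurl}}/article/...` while the Disable Send paragraph uses `{% link _articles/... %}`; the `{% link %}` form is validated at build time, so it is the safer choice here. The phrase "will include whom they are sent from" is also awkward and could simply say that received Sends show the sender's email address.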
@@ -8,31 +8,29 @@ tags: [user types, access control]
|
||||
order: 06
|
||||
---
|
||||
|
||||
Users in Bitwarden Organizations can be granted a variety of User Types and Access Controls in order to manage their permissions.
|
||||
Users in Bitwarden Organizations can be granted a variety of User Types and Access Controls in order to manage their permissions and access. You can set User Types and Access Controls when you [invite users to your Organization]({{site.baseurl}}/article/managing-users/), or at any time from the **Manage** → **People** screen in your Organization:
|
||||
|
||||
You can designate User Type and Access Control when you invite users to your Organization (see [Add or Remove Users From Your Organization](https://bitwarden.com/help/article/managing-users/)), or at any time from the **Manage** → **People** screen in your Organization.
|
||||
{% image organizations/user-types-access-control.png Editing User Types and Access Control %}
|
||||
|
||||
## User Types
|
||||
|
||||
User Type determines the level of access that a user will have within your Organization. User Type is configured at the Organization level.
|
||||
|
||||
Options include:
|
||||
User Type determines the permissions a user will have within your Organization. User Types does not determine [which Collections they have access to](#access-control), rather it determines **what actions they can take** within the context of your Organization's resources and tools. Options include:
|
||||
|
||||
|User Type|Permissions|
|
||||
|---------|-----------|
|
||||
|User|Access shared items in assigned Collections<br>Add, edit, or remove items from assigned Collections (unless **Read Only**)|
|
||||
|Manager|All of the above,<br>+ Assign Users to Collections<br>+ Assign User Groups to Collections<br>+ Create or delete new Collections|
|
||||
|Manager|All of the above,<br>+ Assign Users to Collections<br>+ Assign User Groups to Collections<br>+ Create or delete Collections|
|
||||
|Admin|All of the above,<br>+ Assign Users to User Groups<br>+ Create or delete User Groups<br>+ Invite and confirm new Users<br>+ Manage Enterprise Policies<br>+ View Event Logs<br>+ Export Organization Vault data<br><br>**Admin Users automatically have access to all Collections.**|
|
||||
|Owner|All of the above,<br>+ Manage Billing, Subscription, and Integrations<br><br>**Owner Users automatically have access to all Collections.**|
|
||||
|Custom|Allows for granular control of user permissions on a user-by-user basis. For more information, see [Custom Role](#custom-role).|
|
||||
|Custom|Allows for granular control of user permissions on a user-by-user basis, see [Custom Role](#custom-role).|
|
||||
|
||||
{% callout warning %}
|
||||
**Only an Owner** can create a new Owner or assign Owner to an existing user. For failover purposes, Bitwarden recommends creating multiple Owner users.
|
||||
{% callout info %}
|
||||
**Only an Owner** can create a new Owner or assign the Owner type to an existing user. For failover purposes, Bitwarden recommends creating multiple Owner users.
|
||||
{% endcallout %}
|
||||
|
||||
### Custom Role
|
||||
|
||||
Selecting the **Custom** role for a user allows for granular control of user permissions on a user-by-user basis. A user with the Custom role can have a customizable selection of Manager and Admin capabilities, including:
|
||||
Selecting the **Custom** role for a user allows for granular control of permissions on a user-by-user basis. A Custom role user can have a configurable selection of Manager and Admin capabilities, including:
|
||||
|
||||
- Manage Assigned collections
|
||||
- Access Business Portal
|
||||
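Review bot: the Owner note in this hunk appears once inside `{% callout warning %}` and once inside `{% callout info %}`; if the info variant is the one being introduced, consider keeping warning, because the text covers who may grant the Owner type and the recommendation to create multiple Owners for failover, and an info box is easier to skim past. In the rewritten User Type paragraph, "User Types does not determine" should read "User Type does not determine", and the comma splice before "rather it determines" should become a semicolon or a new sentence. The Admin row lists "Export Organization Vault data" next to "automatically have access to all Collections"; a short cross-reference to the Custom role for teams that want to grant Admin-like capabilities without both would help readers apply least privilege.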
@@ -54,28 +52,24 @@ As an example, the Custom role allows for the creation of a user that can fully
|
||||
|
||||
## Access Control
|
||||
|
||||
Access Control determines the Collection assignment of **Users** and **Managers**, as well as permissions within a given Collection. Access Control is configured at the Collection level.
|
||||
|
||||
Assigning **Admins** and **Owners** to Collections via Access Control will only impact which Collections appear readily in the **Filters** section of their Vault. Admins and Owners will always be able to access "un-assigned" Collections via the Organization view.
|
||||
Access Control determines access to Collections, as well as permissions within each individual Collection:
|
||||
|
||||
{% image /organizations/collection-access-control.png Configure Access Control options %}
|
||||
|
||||
Selecting **This user can access and modify all items** will allow users to use all Collections in your Organization.
|
||||
{% callout info %}
|
||||
Recall that [Admins and Owners](#user-types) can automatically access all Collections. For these user types, configuring Access Control will determine **which Collections are readily accessible** in their Personal Vault and client applications (Browser Extension, Mobile, etc.). Admins and Owners will still be able to access "unassigned" Collections from the Organization Vault.
|
||||
{% endcallout %}
|
||||
|
||||
Selecting **This user can access only the selected collections** will restrict users to only the assigned Collections, and activate Granular Access Control:
|
||||
|Access Control|Description|
|
||||
|--------------|-----------|
|
||||
|**This user can access and modify all items**|Grants the user(s) access to all Collections, as well as the ability to modify Vault items stored therein.<br><br>Selecting this option will collapse the Collection selection section.|
|
||||
|**This user can access only the selected Collections**|Grants the user(s) access to only selected Collections, as well as [granular access control](#granular-access-control) over permissions for each Collection.<br><br>Selecting this option will expand the Collection selection section.|
|
||||
|
||||
### Granular Access Control
|
||||
|
||||
To assign users to only selected Collections, check the checkbox to the left of each desired Collection. For each checked Collection, you may also configure:
|
||||
If you selected **This user can access only the selected Collection**, choose which Collections you want to provide them access to. For each Collection, you can also configure the following options:
|
||||
|
||||
**Hide Passwords**
|
||||
|
||||
Selecting **Hide Password** prevents users from seeing or copying all passwords, TOTP seeds, or *Hidden* custom fields. Users with **Hide Passwords** active may only use items in the Collection via Auto-Fill.
|
||||
|
||||
{% callout warning %}
|
||||
Enabling **Hide Passwords** prevents easy copy-and-paste of hidden items, however it does not completely prevent user access to this information. Treat hidden passwords as you would any shared credential.
|
||||
{% endcallout %}
|
||||
|
||||
**Read Only**
|
||||
|
||||
Selecting **Read Only** prevents users from adding, editing, or removing items within the Collection. Users with **Read Only** active may still see and use all passwords, TOTP seeds, and *Hidden* custom fields.
|
||||
|Option|Description|
|
||||
|------|-----------|
|
||||
|**Hide Passwords**|Prevents users from seeing or copying all passwords, TOTP seeds, or *Hidden* custom fields. Users with **Hide Passwords** active may only use items in the Collection via Auto-Fill.<br><br>**Hide Passwords** prevents easy copy-and-paste of hidden items, however it does not completely prevent user access to this information. Treat hidden passwords as you would any shared credential.|
|
||||
|**Read Only**|Prevents users from adding, editing, or removing items within the Collection. Users with **Read Only** access may still see and use all passwords, TOTP seeds, and *Hidden* custom fields.|
|
||||
|
||||
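Review bot: in the Option table, the Hide Passwords caveat ("does not completely prevent user access to this information. Treat hidden passwords as you would any shared credential.") sits as ordinary cell text after a `<br><br>`, while the standalone version in this hunk carries the same text in a `{% callout warning %}`. This is the one sentence that tells administrators Hide Passwords is not a confidentiality control, so keep it in a warning callout placed directly under the table rather than only inside the cell. The bolded option label is also spelled three ways in this hunk ("only the selected collections", "only the selected Collections", "only the selected Collection"); use the exact string shown in the UI everywhere so readers can match it on screen.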