diff --git a/_articles/organizations/collections.md b/_articles/organizations/collections.md index f2bc8e2e..41bee81c 100644 --- a/_articles/organizations/collections.md +++ b/_articles/organizations/collections.md 
@@ -11,7 +11,13 @@ Collections allow you to group related items that are being shared from your org {% image organizations/collection-listing.png %} -When you add a new user to your organization, you can associate that user to one or more collections within your organization. Once the user has access to your organization, any items that are placed into that user's associated collections will be available in their vault. When associating a user to a particular collection, you can also decide whether or not that user has write access to logins contained within it. Selecting the **Read Only** option will ensure that the user cannot add, edit, or delete any items within that particular collection (they can just view and use them). You can also associate [user groups]({% link _articles/organizations/groups.md %}) to collections in the same way. +When you add a new user to your organization, you can associate that user to one or more collections within your organization. Once the user has access to your organization, any items that are placed into that user's associated collections will be available in their vault. + +When associating a user to a particular collection, you can select options for users and groups that will access the items within the collection. + +**Read Only:** Selecting this option will ensure that the user cannot add, edit, or delete any items within that particular collection (they can just view and use them). You can also associate [user groups]({% link _articles/organizations/groups.md %}) to collections in the same way. + +**Hide Passwords:** This option will hide all passwords, hidden fields, and TOTP seeds within the collection, from users who are assigned to it. This will also prevent copy and paste actions as well. Credentials in this collection will have to leverage autofill functions for input. {% note %} Collections are different than [folders]({% link _articles/features/folders.md %}). 
Collections are a way to organize items and control user access within an organization’s vault while folders are a way for individual users to organize items within their own personal vault. An individual user may wish to further organize the items being shared with them in their own vault into a personalized folder structure that makes sense just for them. diff --git a/_articles/organizations/user-types-access-control.md b/_articles/organizations/user-types-access-control.md index 71bfeec4..2824515b 100644 --- a/_articles/organizations/user-types-access-control.md +++ b/_articles/organizations/user-types-access-control.md @@ -9,11 +9,11 @@ tags: [user types, access control] ## User Types -When adding users to your Bitwarden Organization, you can grant certain levels of access by user type. Options include Owner, Admin, Manager and User. See further details below: +When adding users to your Bitwarden Organization, you can grant certain levels of access by user type. Options include Owner, Admin, Manager and User. See further details below: -### User +### User - Most common user type -- Only have access to assigned collections +- Only have access to assigned collections - Consumers of shared items in addition to their individual vault items - Only work with items under collections they have been associated with - Unable to create collections @@ -21,10 +21,10 @@ When adding users to your Bitwarden Organization, you can grant certain levels o ### Manager - Only administer a collection it is associated with by an Owner or Admin - Access and manage assigned collections in an organization -- Create new collections and modify the assigned collections +- Create new collections and modify the assigned collections - Able to set user access for assigned collections -### Admin +### Admin - Access and manage all items, collections, and users in your organization - Invite and confirm users to join an organization - Manage Enterprise Policies 
@@ -33,7 +33,7 @@ When adding users to your Bitwarden Organization, you can grant certain levels o - Export organization vault data - Normally only a few select Admins in an organization -### Owner +### Owner - Highest level of access - Manage all aspects of the organization - Manage billing, subscription, and integration mechanisms @@ -46,8 +46,22 @@ Once the user or user’s group is saved with their Collections access, the user ## Access Control In addition to defining the User Type, Access Control determines a full or partial view of the collections within an organization. -Choose **all items** or **selected collections** to set the appropriate access. +Choose **all items** or **selected collections** to set the appropriate access for the user. -Choose **read only** for the appropriate collections. +{% note %} +Admin and Owner user-types can access all collections regardless of assignment when accessing Bitwarden from the Organization View. Assignments will control client access and display of collections. +{% endnote %} + +### Item Access and Control + +**Read Only** +- Selecting this option will prevent users assigned to this collection from adding new items, and editing or deleting existing items. + +**Hide Passwords** +- This option hides passwords, TOTP seeds, and any custom fields of type *hidden* in this collection. This also disables the ability for an end-user to copy a password. In this configuration, an item may only be used with auto-fill. + +{% warning %} +Enabling hidden passwords prevents the easy copy and paste of hidden items, however it does not completely prevent user access to this information. Please treat hidden passwords as you would any shared credential. +{% endwarning %} {% image organizations/user-types-access-control.png %}
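Review bot: In `_articles/organizations/collections.md` (hunk `@@ -11,7 +11,13 @@`), the new **Hide Passwords** paragraph says the option "will hide all passwords, hidden fields, and TOTP seeds within the collection, from users who are assigned to it" without any caveat, while this same patch adds a warning to `user-types-access-control.md` that the option "does not completely prevent user access to this information". A reader who lands only on the collections page will take the option for an access control. Suggest repeating the warning here or linking to the Item Access and Control section. Two smaller points in the same hunk: the sentence "You can also associate [user groups] ... to collections in the same way" now sits inside the **Read Only** paragraph although it applies to collection association in general, so it belongs with the introductory paragraph; and "This will also prevent copy and paste actions as well" doubles "also" and "as well".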
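Review bot: In the `@@ -9,11 +9,11 @@` hunk of `_articles/organizations/user-types-access-control.md`, every removed line ("### User", "- Only have access to assigned collections", "### Admin", and the others) reads the same as the line that replaces it, so these look like trailing-whitespace changes only; the same holds for `### Owner` in the following hunk. Consider moving the whitespace cleanup into its own commit so that the Hide Passwords documentation change is easier to review.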
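Review bot: In the `@@ -46,8 +46,22 @@` hunk of `_articles/organizations/user-types-access-control.md`, the warning says hidden passwords are not fully protected but does not say why, and it comes after a **Hide Passwords** bullet that describes the values simply as hidden. The bullet itself states that "an item may only be used with auto-fill", so the value still has to reach the user's client to be filled in; say that directly in the warning so readers understand the option restricts display and copying rather than access. Also, the new note says Admin and Owner user types "can access all collections regardless of assignment" from the Organization View, while the **Read Only** and **Hide Passwords** bullets speak only of users assigned to the collection; state whether these options apply to Admins and Owners. On wording, the two files describe the option differently ("hidden fields" and "autofill" in `collections.md`, "custom fields of type *hidden*" and "auto-fill" here), so pick one form for both.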