[GH-ISSUE #1136] Org managers can't create or manage collections #804

New issue

Closed

opened 2026-03-03 02:03:22 +03:00 by kerem · 5 comments

kerem commented 2026-03-03 02:03:22 +03:00

Owner

Copy link

Originally created by @jjlin on GitHub (Sep 12, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1136

According to https://bitwarden.com/help/article/user-types-access-control/#user-types, org managers should be able to:

• Only administer a collection it is associated with by an Owner or Admin
• Access and manage assigned collections in an organization
• Create new collections and modify the assigned collections
• Set user access for assigned collections

Attempting to create a new collection via the web vault results in

and log messages

[2020-09-12 00:29:38.993][request][INFO] POST /api/organizations/3c8806a6-2359-4c6c-b769-3fe52dab91bb/collections
[2020-09-12 00:29:38.995][auth][ERROR] Unauthorized Error: You need to be Admin or Owner to call this endpoint
[2020-09-12 00:29:38.995][response][INFO] POST /api/organizations/<org_id>/collections (post_organization_collections) => 401 Unauthorized

Attempting to manage an existing collection via the web vault results in the Your login session has expired UI message, and log messages

[2020-09-12 00:31:57.174][request][INFO] GET /api/organizations/3c8806a6-2359-4c6c-b769-3fe52dab91bb/collections/320a942c-d232-4273-96e5-d2c872f8d1d8/details
[2020-09-12 00:31:57.175][auth][ERROR] Unauthorized Error: You need to be Admin or Owner to call this endpoint
[2020-09-12 00:31:57.175][response][INFO] GET /api/organizations/<org_id>/collections/<coll_id>/details (get_org_collection_detail) => 401 Unauthorized

(This issue was first reported at https://bitwardenrs.discourse.group/t/manager-can-not-create-a-collection/287.)

Originally created by @jjlin on GitHub (Sep 12, 2020). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1136 According to https://bitwarden.com/help/article/user-types-access-control/#user-types, org managers should be able to: * Only administer a collection it is associated with by an Owner or Admin * Access and manage assigned collections in an organization * Create new collections and modify the assigned collections * Set user access for assigned collections Attempting to create a new collection via the web vault results in  and log messages ``` [2020-09-12 00:29:38.993][request][INFO] POST /api/organizations/3c8806a6-2359-4c6c-b769-3fe52dab91bb/collections [2020-09-12 00:29:38.995][auth][ERROR] Unauthorized Error: You need to be Admin or Owner to call this endpoint [2020-09-12 00:29:38.995][response][INFO] POST /api/organizations/<org_id>/collections (post_organization_collections) => 401 Unauthorized ``` Attempting to manage an existing collection via the web vault results in the `Your login session has expired` UI message, and log messages ``` [2020-09-12 00:31:57.174][request][INFO] GET /api/organizations/3c8806a6-2359-4c6c-b769-3fe52dab91bb/collections/320a942c-d232-4273-96e5-d2c872f8d1d8/details [2020-09-12 00:31:57.175][auth][ERROR] Unauthorized Error: You need to be Admin or Owner to call this endpoint [2020-09-12 00:31:57.175][response][INFO] GET /api/organizations/<org_id>/collections/<coll_id>/details (get_org_collection_detail) => 401 Unauthorized ``` (This issue was first reported at https://bitwardenrs.discourse.group/t/manager-can-not-create-a-collection/287.)

kerem 2026-03-03 02:03:22 +03:00

• closed this issue
• added the
  enhancement
  bug
  low priority
  labels

kerem commented 2026-03-03 02:03:23 +03:00

Author

Owner

Copy link

@FLX-0x00 commented on GitHub (Oct 7, 2020):

We are facing with the same issue. Is there any workaround?

<!-- gh-comment-id:704721190 --> @FLX-0x00 commented on GitHub (Oct 7, 2020): We are facing with the same issue. Is there any workaround?

kerem commented 2026-03-03 02:03:23 +03:00

Author

Owner

Copy link

@BlackDex commented on GitHub (Oct 9, 2020):

@blacklist-arcc, and i don't think there actually is a workaround at this point

<!-- gh-comment-id:706415004 --> @BlackDex commented on GitHub (Oct 9, 2020): @blacklist-arcc, and i don't think there actually is a workaround at this point

kerem commented 2026-03-03 02:03:24 +03:00

Author

Owner

Copy link

@matlink commented on GitHub (Nov 4, 2020):

@BlackDex Any progress on it? It is not really a low priority for us :(

<!-- gh-comment-id:721812402 --> @matlink commented on GitHub (Nov 4, 2020): @BlackDex Any progress on it? It is not really a low priority for us :(

kerem commented 2026-03-03 02:03:24 +03:00

Author

Owner

Copy link

@matlink commented on GitHub (Nov 11, 2020):

@jjlin @blacklist-arcc @BlackDex I've made a push request, trying to implement this. What I have tested is working so far (collection creation, managing users in it, delete managed collections).

<!-- gh-comment-id:725670246 --> @matlink commented on GitHub (Nov 11, 2020): @jjlin @blacklist-arcc @BlackDex I've made a push request, trying to implement this. What I have tested is working so far (collection creation, managing users in it, delete managed collections).

kerem commented 2026-03-03 02:03:24 +03:00

Author

Owner

Copy link

@FLX-0x00 commented on GitHub (Nov 13, 2020):

We will test this in our staging environment. Feedback in the next business days

<!-- gh-comment-id:727078104 --> @FLX-0x00 commented on GitHub (Nov 13, 2020): We will test this in our staging environment. Feedback in the next business days

kerem referenced this issue 2026-03-03 08:53:09 +03:00

[PR #804] [MERGED] Improve Github Actions Workflow #2802

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#804

No description provided.