make access_all optional #1019

New Issue

MrUnknownDE · 2026-04-06T01:34:09+02:00

MrUnknownDE commented

2026-04-06 01:34:09 +02:00

Originally created by @stefan0xC on 8/1/2024

As noted here https://github.com/dani-garcia/vaultwarden/issues/4775#issuecomment-2251024214 the access_all flag has been removed in the newer web-vaults resulting in an error when editing a user:

[2024-08-01 13:29:25.313][vaultwarden::api::core::organizations::_][WARN] Data guard `Json < EditUserData >` failed: Parse("{\"collections\":[{\"id\":\"64256828-6251-4bef-8dee-2128b63f520a\",\"readOnly\":true,\"hidePasswords\":false,\"manage\":false}],\"groups\":[],\"permissions\":{\"response\":null},\"type\":0}", Error("missing field `accessAll`", line: 1, column: 169)).

Note: Since newer web-vaults don't have the access_all flag anymore, it will be removed if you update a user with that permission. Due to the new view admins/owners will also not see all items in the password manager anymore, but only to items in collections they have explicit view access to (either directly or via a group).

This is purely a fix to make it compatible with newer versions of the web-vault (web-v2024.6.3 and later). Bitwarden stated that they will deprecate "the Access all existing and future collections permission" and change "all users that had this permission the Can manage permission for all existing collections" when migrating existing users to the new collection management system. This does not (currently) apply to Vaultwarden as we have not implemented this yet. They also removed the Manager role, so I'm not sure if that's the appropriate course of action, giving all users with access_all the ability to manage who has access to collections... 😬

*Originally created by @stefan0xC on 8/1/2024* As noted here https://github.com/dani-garcia/vaultwarden/issues/4775#issuecomment-2251024214 the `access_all` flag has been removed in the newer web-vaults resulting in an error when editing a user: ``` [2024-08-01 13:29:25.313][vaultwarden::api::core::organizations::_][WARN] Data guard `Json < EditUserData >` failed: Parse("{\"collections\":[{\"id\":\"64256828-6251-4bef-8dee-2128b63f520a\",\"readOnly\":true,\"hidePasswords\":false,\"manage\":false}],\"groups\":[],\"permissions\":{\"response\":null},\"type\":0}", Error("missing field `accessAll`", line: 1, column: 169)). ``` Note: Since newer web-vaults don't have the `access_all` flag anymore, it will be removed if you update a user with that permission. Due to the new view admins/owners will also not see all items in the password manager anymore, but only to items in collections they have explicit view access to (either directly or via a group). This is purely a fix to make it compatible with newer versions of the web-vault (`web-v2024.6.3` and later). [Bitwarden stated that](https://bitwarden.com/help/user-types-access-control/#member-roles) they will deprecate "the **Access all existing and future collections** permission" and change "all users that had this permission the **Can manage** permission for all existing collections" when migrating existing users to the new collection management system. This does not (currently) apply to Vaultwarden as we have not implemented this yet. They also removed the Manager role, so I'm not sure if that's the appropriate course of action, giving all users with access_all the ability to manage who has access to collections... :grimacing:

MrUnknownDE closed this issue

2026-04-06 01:34:09 +02:00

Sign in to join this conversation.

No Label

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#1019