Fix collection access issues for owner/admin users #2640

New Issue

MrUnknownDE · 2026-04-06T03:51:51+02:00

MrUnknownDE commented

2026-04-06 03:51:51 +02:00

Originally created by @jjlin on 1/27/2021

The implementation of the Manager user type (#1242) introduced a regression
whereby owner/admin users are incorrectly denied access to certain collection
APIs if their access control for collections isn't set to "access all".

Owner/admin users should always have full access to collection APIs, per
https://bitwarden.com/help/article/user-types-access-control/#access-control:

Assigning Admins and Owners to Collections via Access Control will only
impact which Collections appear readily in the Filters section of their
Vault. Admins and Owners will always be able to access "un-assigned"
Collections via the Organization view.

Fixes #1307.

*Originally created by @jjlin on 1/27/2021* The implementation of the `Manager` user type (#1242) introduced a regression whereby owner/admin users are incorrectly denied access to certain collection APIs if their access control for collections isn't set to "access all". Owner/admin users should always have full access to collection APIs, per https://bitwarden.com/help/article/user-types-access-control/#access-control: > Assigning Admins and Owners to Collections via Access Control will only > impact which Collections appear readily in the Filters section of their > Vault. Admins and Owners will always be able to access "un-assigned" > Collections via the Organization view. Fixes #1307.

MrUnknownDE closed this issue

2026-04-06 03:51:51 +02:00

Sign in to join this conversation.

No Label

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#2640