github/vaultwarden
1
1
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-04-05 20:31:58 +02:00
Code Issues 44 Packages Projects Releases Wiki Activity

Custom User role not able to delete collection for which assigned manage permission #434

New Issue
Closed
opened 2026-04-05 21:14:07 +02:00 by MrUnknownDE · 0 comments
MrUnknownDE commented 2026-04-05 21:14:07 +02:00
Owner
Copy Link

Originally created by @jpVm5jYYRE1VIKL on 8/6/2025

Prerequisites

Vaultwarden Support String

issue not related to any crashes and do not require any trace

Vaultwarden Build Version

1.34.1

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

nginx

Host/Server Operating System

Linux

Operating System Version

No response

Clients

Web Vault

Client Version

No response

Steps To Reproduce

Well let say that exist user which have custom permission to manage some collections .
But in reality such user not able to delete collection for which he is manager.
Organisation link even not appear in user web ui.
If to assign for user permission to be able to manage all collecion then organisation link appear in users web ui but user also able to manege and delete any collection in organisation which it extremely huge security problem.

  1. Create organisation
  2. create some collections : collection1 , collection2, collection3
  3. create user with custom permission role
  4. assign for user permission to be manager of one of collections
  5. Login as user to web ui
  6. you not able to do any management of collection because not exist link to Admin Console for such user

Expected Result

User must be able to manage collection where he assigned to be manager and must be able to delete collation for which he is manager.

Actual Result

User cannot do anything with collection except adding password or delete passwords.

Logs

Screenshots or Videos

No response

Additional Context

No response

*Originally created by @jpVm5jYYRE1VIKL on 8/6/2025* ### Prerequisites - [x] I have searched the existing **Closed _AND_ Open** [Issues](https://github.com/dani-garcia/vaultwarden/issues?q=is%3Aissue%20) **_AND_** [Discussions](https://github.com/dani-garcia/vaultwarden/discussions?discussions_q=) - [x] I have searched and read the [documentation](https://github.com/dani-garcia/vaultwarden/wiki/) ### Vaultwarden Support String issue not related to any crashes and do not require any trace ### Vaultwarden Build Version 1.34.1 ### Deployment method Official Container Image ### Custom deployment method _No response_ ### Reverse Proxy nginx ### Host/Server Operating System Linux ### Operating System Version _No response_ ### Clients Web Vault ### Client Version _No response_ ### Steps To Reproduce Well let say that exist user which have custom permission to manage some collections . But in reality such user not able to delete collection for which he is manager. Organisation link even not appear in user web ui. If to assign for user permission to be able to manage all collecion then organisation link appear in users web ui but user also able to manege and delete any collection in organisation which it extremely huge security problem. 1. Create organisation 2. create some collections : collection1 , collection2, collection3 3. create user with custom permission role 4. assign for user permission to be manager of one of collections 5. Login as user to web ui 6. you not able to do any management of collection because not exist link to Admin Console for such user ### Expected Result User must be able to manage collection where he assigned to be manager and must be able to delete collation for which he is manager. ### Actual Result User cannot do anything with collection except adding password or delete passwords. ### Logs ```text ``` ### Screenshots or Videos _No response_ ### Additional Context _No response_
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
SSO
SSO
SSO
SSO
SSO
SSO
SSO
SSO
SSO
SSO
SSO
SSO
SSO
SSO
SSO
SSO
SSO
SSO
Third party
Third party
Third party
Third party
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
enhancement
enhancement
enhancement
enhancement
enhancement
enhancement
enhancement
enhancement
good first issue
help wanted
low priority
low priority
low priority
low priority
question
question
No Label bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
MrUnknownDE
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github/vaultwarden#434
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?