web-vault v2024.12.0 Manage role permission issue #769

New Issue

MrUnknownDE · 2026-04-05T23:22:55+02:00

MrUnknownDE commented

2026-04-05 23:22:55 +02:00

Originally created by @Misterbabou on 1/8/2025

Vaultwarden Support String

Your environment (Generated via diagnostics page)

Vaultwarden version: v1.32.7-bc913d11
Web-vault version: v2024.12.0
OS/Arch: linux/x86_64
Running within a container: true (Base: Debian)
Database type: MySQL
Database version: 11.6.2-MariaDB-ubu2404
Environment settings overridden!: true
Uses a reverse proxy: false
Internet access: true
Internet access via a proxy: false
DNS Check: true
Browser/Server Time Check: true
Server/NTP Time Check: true
Domain Configuration Check: false
HTTPS Check: true
Websocket Check: true
HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Environment settings which are overridden: DOMAIN, TRASH_AUTO_DELETE_DAYS, ORG_CREATION_USERS, EMERGENCY_ACCESS_ALLOWED, ADMIN_TOKEN, INVITATION_ORG_NAME, DISABLE_2FA_REMEMBER

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "*****://****************************************************",
  "db_connection_retries": 15,
  "disable_2fa_remember": true,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*********",
  "domain_origin": "*****://*********",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": false,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": 7,
  "experimental_client_feature_flags": "fido2-vault-credentials",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden GO/PST",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "***************************",
  "org_events_enabled": true,
  "org_groups_enabled": true,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": true,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": null,
  "smtp_password": null,
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": null,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": 15,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden Build Version

v1.32.7-bc913d11

Deployment method

Build from source

Custom deployment method

No response

Reverse Proxy

No proxy

Host/Server Operating System

Linux

Operating System Version

Ubuntu 22.04

Clients

Web Vault

Client Version

No response

Steps To Reproduce

Issue 1:

Go to your organisation as organisation owner
Create a collection
Click on Groups and create a new group and link the new collection with Can edit permission and press Save
Click on the new created group: tab Collections the permission show is Can manage instead of Can edit

Issue 2:

Go to your organisation as organisation owner
Create a collection
Click on 'Members' and edit a Role user member. on collections tab link the new collection with Can manage Permission and press Save
Click again on the member : tab Collections the permission show is Can edit instead of Can manage

Expected Result

Keep the permission previously set in the web-vault

Actual Result

For Members permission Can manage become Can edit
For Groups permission Can edit become Can manage

Logs

No response

Screenshots or Videos

No response

Additional Context

Thanks for the work added in #5219

The feature might not be added yet but for now, users with Can manage permissions (on collection) can't manage collection in the Password Manager.

On Vaulwarden Side:

(note Issue 1 and 2 prevent me to have a Can Manage in User permission and a Can edit in group permission)

User vault:

user can't edit the Collection even if they have Can manage permission

On Bitwarden side:

User vault:

User can edit the collection with Can manage permission

*Originally created by @Misterbabou on 1/8/2025* ### Vaultwarden Support String ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.32.7-bc913d11 * Web-vault version: v2024.12.0 * OS/Arch: linux/x86_64 * Running within a container: true (Base: Debian) * Database type: MySQL * Database version: 11.6.2-MariaDB-ubu2404 * Environment settings overridden!: true * Uses a reverse proxy: false * Internet access: true * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: false * HTTPS Check: true * Websocket Check: true * HTTP Response Checks: true ### Config & Details (Generated via diagnostics page) <details><summary>Show Config & Details</summary> **Environment settings which are overridden:** DOMAIN, TRASH_AUTO_DELETE_DAYS, ORG_CREATION_USERS, EMERGENCY_ACCESS_ALLOWED, ADMIN_TOKEN, INVITATION_ORG_NAME, DISABLE_2FA_REMEMBER **Config:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "***:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_connect_src": "", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "*****://****************************************************", "db_connection_retries": 15, "disable_2fa_remember": true, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://*********", "domain_origin": "*****://*********", "domain_path": "", "domain_set": true, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": false, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": true, "enforce_single_org_with_reset_pw_policy": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": 7, "experimental_client_feature_flags": "fido2-vault-credentials", "extended_logging": true, "helo_name": null, "hibp_api_key": null, "http_request_block_non_global_ips": true, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "increase_note_size_limit": false, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden GO/PST", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "***************************", "org_events_enabled": true, "org_groups_enabled": true, "password_hints_allowed": true, "password_iterations": 600000, "push_enabled": false, "push_identity_uri": "https://identity.bitwarden.com", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": true, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "", "smtp_from_name": "Vaultwarden", "smtp_host": null, "smtp_password": null, "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": null, "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": 15, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> ### Vaultwarden Build Version v1.32.7-bc913d11 ### Deployment method Build from source ### Custom deployment method _No response_ ### Reverse Proxy No proxy ### Host/Server Operating System Linux ### Operating System Version Ubuntu 22.04 ### Clients Web Vault ### Client Version _No response_ ### Steps To Reproduce Issue 1: 1. Go to your organisation as organisation owner 2. Create a collection 3. Click on `Groups` and create a new group and link the new collection with `Can edit` permission and press `Save` 4. Click on the new created group: tab `Collections` the permission show is `Can manage` instead of `Can edit` Issue 2: 1. Go to your organisation as organisation owner 2. Create a collection 3. Click on 'Members' and edit a Role user member. on `collections` tab link the new collection with `Can manage` Permission and press `Save` 4. Click again on the member : tab `Collections` the permission show is `Can edit` instead of `Can manage` ### Expected Result Keep the permission previously set in the web-vault ### Actual Result - For Members permission `Can manage` become `Can edit` - For Groups permission `Can edit` become `Can manage` ### Logs _No response_ ### Screenshots or Videos _No response_ ### Additional Context Thanks for the work added in #5219 The feature might not be added yet but for now, users with `Can manage` permissions (on collection) can't manage collection in the Password Manager. **On Vaulwarden Side:** ![2025-01-08_14-47](https://github.com/user-attachments/assets/b1ea2b79-732b-4ecb-83f5-fcff799b2b33) (note Issue 1 and 2 prevent me to have a `Can Manage` in User permission and a `Can edit` in group permission) User vault: ![2025-01-08_14-47_1](https://github.com/user-attachments/assets/1652d9ad-2394-40cd-9893-9c9a8b6ff295) user can't edit the Collection even if they have `Can manage` permission **On Bitwarden side:** ![2025-01-08_14-37](https://github.com/user-attachments/assets/96690a3c-7e3b-4964-9473-9a107d29bf8c) User vault: ![2025-01-08_14-38](https://github.com/user-attachments/assets/00857db8-384f-46bf-ae75-ee182bdf7c14) User can edit the collection with `Can manage` permission

MrUnknownDE closed this issue

2026-04-05 23:22:55 +02:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#769