Setting up administrative accounts with lesser privileges
- Recursos
- Setting up administrative accounts with lesser privileges
Bitwarden member roles include four pre-defined permissions sets including a configurable Custom member role (Enterprise only). Owners and Admins have full administrative access by default to prevent lockout and allow for user account administration.
To limit the day-to-day access a user has to the entire Organization, Owner account(s) can be set up with service account email addresses - these are not accessed regularly, but only to perform tasks that require access to all vault data at once - and Admin account(s) can be downgraded to the Custom member role with a specific permissions set.
This guide assumes that you have already determined a storage and approval mechanism for the Owner account(s). It is recommended to remain logged into an Owner account while modifying the Admin account(s) to Custom role(s).
The below Custom member role will replace your users’ Admin member role:
Check any of the following boxes:
Access event logs
Access reports
Create new collections
Manage groups
Manage SSO
Manage policies
Note that none of the options above provide access to additional vault items.
Now that the Admin users have been downgraded, several tasks can only be accomplished via the Owner account(s) due to the cryptographic or API permissions these tasks require. These tasks are:
Import/Export of the organization vault
Editing/Deleting unassigned collections
Account recovery
Manual user onboarding/offboarding
Accessing the organization API key
Once you have changed your Admin users to this Custom member role, you will need to designate people to manage access to each collection. There are two ways to configure this, depending on how much access you want to give to the "department head".
Can manage Collection permission
Grant the department heads the can manage permission for any collection you would like them to manage.
Allowing Department Heads to create new collections
If your "department head" needs to be able to create new collections in addition to managing their currently assigned collections, you will have two options.
Allow all users to create collections
Within the Admin Console, navigate to Settings > Organization info. From there, you will be able to decide whether you want Collection creation and deletion restricted to owners and admins. If you would like all users to be able to create collections, uncheck this box and save.
Restrict collection creation to designated members
To allow department heads to create new collections when the Collection management option is checked, you will need to additionally grant those members the following Custom role:
These members will still need to be granted the Can manage permission for any existing collections, but will immediately be granted Can manage for any new collection they create.
Learning Center Modules
Help Articles
Elija el plan que se adapte a sus necesidades
Gratis
$0
al mes
Gratis para siempre
Obtenga un almacén Bitwarden
- Dispositivos ilimitados
- Gestión de claves de acceso
- Todas las funciones básicas
- Siempre gratis
Compartir elementos del almacén con otro usuario
Premium
Less than$1
al mes
$10 facturados anualmente
Disfrute de funcionalidades premium
- Autenticador Bitwarden
- Archivos adjuntos
- Acceso de emergencia
- Informes de seguridad y mucho más
Compartir elementos del almacén con otro usuario
Familias
$3.33
al mes
Hasta 6 usuarios, $40 facturados anualmente
Proteja los datos de login de su familia
- 6 cuentas premium
- Compartir sin límites
- Colectas ilimitadas
- Organización del almacenamiento
Compartir los elementos del almacén entre seis personas
Precios en USD y basados en una suscripción anual
Equipos
Protección resistente para equipos en crecimiento
$4
por mes/por usuario facturado anualmente
Comparta datos sensibles de manera segura con compañeros de trabajo, entre departamentos o con toda la empresa.
- Intercambio seguro de datos
- Supervisión del registro de sucesos
- Integración de directorios
Incluye funcionalidades premium para todos los usuarios
Empresa
Funciones avanzadas para grandes organizaciones
$6
por mes/por usuario facturado anualmente
Utilice funcionalidades avanzadas como las políticas de empresa, el SSO sin contraseña y la recuperación de cuentas.
- Políticas empresariales
- SSO sin contraseña
- Recuperación de cuentas
Incluye funcionalidades premium y un plan familiar gratuito para todos los usuarios
Solicitar presupuesto
Para empresas con cientos o miles de empleados, póngase en contacto con ventas para obtener un presupuesto personalizado y ver cómo Bitwarden puede:
- Reducir el riesgo de ciberseguridad
- Aumentar la productividad
- Integrarse perfectamente
Bitwarden se adapta a empresas de cualquier tamaño para garantizar la seguridad de las contraseñas en su organización.
Precios en USD y basados en una suscripción anual