Collection Settings
Collection management settings are a set of organization-wide rules that interact directly with member roles and collection permissions to allow or limit certain actions for certain user populations. These settings can only be set by an organization owner from the Admin Console's Settings → Organization info view:
List of settings
Allow owners and admins to manage all collections and items from the Admin Console
This option interacts with the owner and admin member roles to determine whether that user population has automatic access to all collections, and therefore all items, in your organization.
On | When on, owners and admins gain the equivalent of the Manage collection permission for all collections in your organization. Functionally, this means that owners and admins can alter or remove any collection, alter or remove the items in any collection, alter or remove the groups and members assigned to any collection, and alter the collection permissions assigned to any group or member for any collection. |
Off | When off, collections can only be managed in the above manner by members with the Manage collection permission specifically assigned to them. Owners and admins will only have access to collections to which they have permissions directly assigned. This does not prevent owners and admins from exporting all organization owned data. To prevent the possibility of orphaned collections, an Add Access badge will be displayed in the Collections view for any collection that does not have a member with Manage collection permission. Owners and admins will temporarily gain access to these collections until they assign a member that permission. |
tip
This option is suited for you if, for example, your IT team requires access to all vault items associated with your organization for regular auditing.
Restrict collection creation to owners and admins
This option interacts with the owner and admin member roles to determine whether only that user population has the ability to create collections.
On | When on, only owners and admins can create collections. This user population will be required to create your organization's collection structure on behalf of your users, but can assign individual users to manage the items and people in those collections once created. |
Off | When off, members with any role can create collections for themselves and their team. Members who create a collection will automatically have Manage collection permission over that collection. |
tip
Even if turned on, any user can still be granted Can manage permission for a collection so that they can manage its members and contents once created.
Restrict collection deletion to owners and admins
This option interacts with the owner and admin member roles to determine whether only that user population has the ability to delete collections. When on, this option also has downstream impact on the Manage collection permission.
On | When on, only owners and admins can delete collections. Functionally, this option supersedes the ability to delete a collection that would have been granted to members with the Manage collection permission. |
Off | When off, members with any role can delete collections provided they have Manage collection permission over the collection they'd like to delete. |
Restrict item deletion to members with the Manage collection permissions
This option interacts with the Manage collection permission to determine whether only that user population has the ability to delete items. When off, this option also has downstream on the Can edit permissions.
On | When on, only users with the Manage collection permission will be able to delete collection items. |
Off | When off, users with Can edit and Can edit, hidden passwords permissions will also have the ability to delete collection items. |