Collection Management
Collections gather together logins, notes, cards, and identities for secure sharing from an organization. Think of collections as organization-equivalents to folders, with a few key differences:
Organization users control access to organization-owned items by assigning users or groups to collections.
Organization-owned items must be included in at least one collection.
tip
If you're self-hosting, set your collection management settings in your cloud organization and then update your self-hosted server's license to carry those settings over to your self-hosted organization.
Collection management settings can be customized to best fit the needs of your organization. Specifically, there are options located in the Admin Console on the Settings → Organization info view which you can use to:
note
Starting on March 3, 2024, organizations that haven't turned on collection management will begin to be migrated in batches to an updated permissions structure. If not migrated yet, your organization will be within the next few weeks or if you manually turn on collection management.
During migration, all Managers are migrated to members with the User role and automatically provided with a new Can manage permission over assigned collections. They will retain the ability to fully manage those collections, including the ability to assign new members or groups access. This will also:
Migrate members with a custom role that includes Edit assigned collections to the User role with Can manage permission over those collections.
Migrate members with a custom role with only Delete assigned collections to the User role with no permission over those collections.
Deprecate the Access all existing and future collections permission and granted all users that had this permission Can manage permission for all existing collections.
Owners and admins can manage all collections and items
This option will dictate whether members with the owner or admin role are automatically provided management permissions to all collections, and the items therein, in your organization.
With this option turned off, cannot automatically be accessed or changed by an owner or admin. Owners and admins will only have access to collections to which they have permissions directly assigned.
When this option is turned off, an Add Access badge will be displayed in the Collections view for any collection that does not have a member with Can manage permission assigned to it. Owners and admins will temporarily gain access to these collections until they assign a member Can manage permission to them.
With this option turned on, owners and admins will be able to add, edit, view, or remove vault items from any collection, add or remove members and groups from any collection, and delete a collection outright from the Admin Console.
tip
This option is suited for you if, for example, your IT team requires access to all vault items associated with your organization for regular auditing.
Limit collection creation and deletion to owners and admins
This option will dictate whether organization members with the User role are provided with the ability to manage collections.
With this option turned off, users will be freely allowed to create, manage, and delete collections for themselves and their teams. Members who create a collection will automatically have Can manage permission over that collection. They can therefore assign new members or groups access, including adding other members with Can manage permission.
With this option turned on, your owners and admins will be required to create your organization's collections infrastructure on behalf of your users but can also assign individual users to manage the items and people in those collections once created.
tip
Even if turned on, any user can still be granted Can manage permission for a collection so that they can manage its members and contents once created.