Collection Permissions
Collection permissions determine what a group or member can do with items in a particular collection, like modifying items or changing who has access to the collection.
note
These member permissions work together to determine collection access:
Member roles define who can do organization-level actions.
Collection settings specify which member roles can create, manage, or delete collections across the entire organization.
Collection permissions control what actions a specific user or group can take within a single collection.
Assign collection permissions
Collection permissions are set when a member or group is first assigned to a collection. Depending on member roles and collection settings, three types of users can update collection permissions:
Any member with the Manage collection collection permission within a collection can alter the permissions assigned to groups and members for that same collection.
Custom role members granted the Edit any collection permission can alter the collection permissions assigned to groups and members for any collection.
All owners and admins can alter collection permissions for any collection if the Owners and admins can manage all collections and items setting is turned on.
To review or update collection permissions:
Open the collection in your vault.
Select the Arrow icon next to the collection’s name.
Select Access:
Edit collection permissions From the Permission dropdown menu, choose a permission level for that group or member.
Select Save.
tip
Enterprise organizations can review the Member access report to learn which collection(s) members have access to, their level of permission within each assigned collection, and more.
Permissions
The following table lists what each collection permission allows and when collection settings or member roles may affect them. By default, users and groups receive View items permission.
note
While member roles are set at an individual-member level, permissions can be set for an individual member or an entire group. Permissions assigned at the member level will override permissions set at a group level.
Action | View items | View items, hidden passwords | Edit items | Edit items, hidden passwords | Manage collection |
|---|---|---|---|---|---|
View shared items in an assigned collections | |||||
View shared items’ hidden fields in an assigned collection | |||||
Can autofill shared items, including hidden fields |
| ||||
Add items to an assigned collection | |||||
Add items in an assigned collection to a different collection | |||||
Edit items in an assigned collection | |||||
Edit hidden fields in an assigned collection | |||||
Remove items from an assigned collection | |||||
Delete items from an assigned collection | if the Restrict item deletion to members with the Manage collection permission setting is turned off | if the Restrict item deletion to members with the Manage collection permission setting is turned off | |||
Delete an assigned collection | *The user member role cannot delete an assigned collection when the Restrict collection deletion to owners and admins setting is turned on. | ||||
Manage member and group access to an assigned collection | |||||
Export data from an assigned collection |
note
The following member roles can export organization vault data even if they do not have the Manage collection permission:
Owner
Admin
Custom role with the Access import/export permission
warning
Hidden passwords permissions: Users may still use passwords via autofill. While hiding passwords prevents easy copy-and-paste, it does not completely prevent user access to this information. Treat hidden passwords as you would any shared credential.
Next steps
Learn about collections at a conceptual level.
Create a collection that you can add shared items to.
Share items with organization members through your new collection.
Assign groups and members access to your new collection.
Configure collection management settings for your organization.