Admin ConsoleManage Members

Member Roles

Members roles determine what actions users can take within the your organization, for example whether they can invite new users or manage SCIM and SSO configurations. Refer to the table on this page for more information on what actions each role grants.

tip

Member role is distinct from collection permissions.

Member roles can be set when you invite users to your organization or at any time from the Members screen of the Admin Console using the options menu:

Editing member roles
Editing member roles

Role definitions

note

Only an owner can create a new owner or assign the owner type to an existing user. For failover purposes, Bitwarden recommends creating multiple owner users.

Custom role members

Enterprise organizations can give members a custom role for granular control over permitted actions. Custom role members can have a configurable selection of administrative capabilities, including:

  • Access event logs

  • Access import/export

  • Access reports

  • Manage all collections (provides the following three options)

    • Create new collections

    • Edit any collection

    • Delete any collection

  • Manage groups

  • Manage SSO

  • Manage policies

  • Manage users

    tip

    Custom users with the Manage users permission can manage other custom users, however they can only assign other custom users the permissions that they themselves have.

  • Manage account recovery (may also manage device approval requests)

    note

    Manage account recovery will grant limited access to the Members tab on the Admin Console for access to the Master password reset action.