Member Roles
Members roles determine what actions users can take within the your organization, for example whether they can invite new users or manage SCIM and SSO configurations. Refer to the table on this page for more information on what actions each role grants.
tip
Member role is distinct from
Member roles can be set when you
Role definitions
Member role | Permissions |
|---|---|
User | Can access shared items in assigned collections. Can add, edit, or remove items from assigned collections, unless Can create and delete collections |
Admin | All of the above, Your organization's |
Owner | All of the above, Your organization's |
Custom (Enterprise only) | Allows for granular control of permitted actions on a user-by-user basis. |
note
Only an owner can create a new owner or assign the owner type to an existing user. For failover purposes, Bitwarden recommends creating multiple owner users.
Custom role members
Enterprise organizations can give members a custom role for granular control over permitted actions. Custom role members can have a configurable selection of administrative capabilities, including:
Access event logs
Access import/export
Access reports
Manage all collections (provides the following three options)
Create new collections
Edit any collection
Delete any collection
Manage groups
Manage SSO
Manage policies
Manage users
tip
Custom users with the Manage users permission can manage other custom users, however they can only assign other custom users the permissions that they themselves have.
Manage account recovery (may also manage device approval requests)
note
Manage account recovery will grant limited access to the Members tab on the Admin Console for access to the Master password reset action.