Admin ConsoleManage Members

Member Roles

Members roles determine what actions users can take within the your organization, for example whether they can invite new users or manage SCIM and SSO configurations. Refer to the table on this page for more information on what actions each role grants.

tip

Member role is distinct from collection permissions.

Member roles can be set when you invite users to your organization or at any time from the Members screen of the Admin Console using the options menu:

Editing member roles
Editing member roles

Role definitions

Member role

Permissions

User

Can access shared items in assigned collections.

Can add, edit, or remove items from assigned collections, unless collections permissions dictate otherwise

Can create and delete collections if permitted by the organization.

Admin

All of the above,
+ Assign users to user groups
+ Create or delete user groups
+ Invite and confirm new users
+ Manage enterprise policies
+ View event logs
+ Export organization vault data
+ Manage account recovery
+ View vault health reports
+ Manage claimed domains
+ Manage SSO configuration
+ Manage device approvals

Your organization's collection management settings may allow Admins to manage all collections.

Owner

All of the above,
+ Manage collections management settings
+ Manage billing, including subscription, payment method, and billing history
+ Manage API key
+ Manage organization two-step login
+ Manage organization information, e.g. name
+ Manage SCIM configuration

Your organization's collection management settings may allow Owners to manage all collections.

Custom (Enterprise only)

Allows for granular control of permitted actions on a user-by-user basis.

note

Only an owner can create a new owner or assign the owner type to an existing user. For failover purposes, Bitwarden recommends creating multiple owner users.

Custom role members

Enterprise organizations can give members a custom role for granular control over permitted actions. Custom role members can have a configurable selection of administrative capabilities, including:

  • Access event logs

  • Access import/export

  • Access reports

  • Manage all collections (provides the following three options)

    • Create new collections

    • Edit any collection

    • Delete any collection

  • Manage groups

  • Manage SSO

  • Manage policies

  • Manage users

    tip

    Custom users with the Manage users permission can manage other custom users, however they can only assign other custom users the permissions that they themselves have.

  • Manage account recovery (may also manage device approval requests)

    note

    Manage account recovery will grant limited access to the Members tab on the Admin Console for access to the Master password reset action.