Member Roles
Members roles determine what actions users can take within the your organization, for example whether they can invite new users or manage SCIM and SSO configurations. Refer to the table on this page for more information on what actions each role grants.
tip
Member role is distinct from collection permissions.
Member roles can be set when you invite users to your organization or at any time from the Members screen of the Admin Console using the options menu:

Role definitions
Member role | Permissions |
---|---|
User | Can access shared items in assigned collections. Can add, edit, or remove items from assigned collections, unless collections permissions dictate otherwise Can create and delete collections if permitted by the organization. |
Admin | All of the above, Your organization's collection management settings may allow Admins to manage all collections. |
Owner | All of the above, Your organization's collection management settings may allow Owners to manage all collections. |
Custom (Enterprise only) | Allows for granular control of permitted actions on a user-by-user basis. |
note
Only an owner can create a new owner or assign the owner type to an existing user. For failover purposes, Bitwarden recommends creating multiple owner users.
Custom role members
Enterprise organizations can give members a custom role for granular control over permitted actions. Custom role members can have a configurable selection of administrative capabilities, including:
Access event logs
Access import/export
Access reports
Manage all collections (provides the following three options)
Create new collections
Edit any collection
Delete any collection
Manage groups
Manage SSO
Manage policies
Manage users
tip
Custom users with the Manage users permission can manage other custom users, however they can only assign other custom users the permissions that they themselves have.
Manage account recovery (may also manage device approval requests)
note
Manage account recovery will grant limited access to the Members tab on the Admin Console for access to the Master password reset action.