Bitwarden Resources

Collection management settings

Flexible organization collection management options to fit your business


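Flexible options for managing your organization's collections

Organization owners in Bitwarden Password Manager have access to three toggleable settings for collection management. Each one affects how collections behave and offers flexible options for how collections and vault items are managed. This enables a range of administrative access strategies, such as full self-service, a least-privilege policy, or strict administrator oversight.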

The four collection management options available to organization owners in the web app admin console

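Owners and admins can manage all collections and items

When this setting is on, the administrator roles can view, edit, and manage all collections and the vault items within them. When this setting is off, the administrator roles can access only the collections for which they have been directly assigned collection permissions.

Limit collection creation to owners and admins

When this option is on, the administrator roles are the only members who can create collections in the organization. When this option is off, all members of the organization can create collections.

Limit collection deletion to owners and admins

When this option is on, the administrator roles are the only members who can delete collections in the organization. When this option is off, any member of the organization with permission to manage a collection can delete that collection.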

How these settings affect your organization

All options checked
Owners and Administrators have access to everything in the organization vault, and only they can create and delete collections.

  • Empowers the administrator to set up collections as the organization needs

  • Gives administrators the visibility and access to make changes to all vault items

First option unchecked, second and third option checked
Administrators will be able to see that a collection exists, but cannot access it or the items therein unless they have been given permissions by a user with the Manage collection permission for that collection. Admins alone can create a collection and they’ll automatically receive the Manage collection permission, but can then pass that off to a designated collection manager to populate. Only admins will be able to delete collections, regardless of Manage collection permissions.

  • Great middle ground between full admin control and user self-serve

  • Admins can create the structure of the organization and then let the users work in that space

  • Helps adhere to a policy of least-privilege - administrators can be assigned to low-sensitivity collections, but not to confidential ones

First option checked, second and third options unchecked
Users can create and delete their own collections, and administrators are able to access those collections. This allows for a self-serve approach with admin supervision.

  • Users can handle their own work without contacting administrators

  • Admins can intervene in case something unexpected comes up, such as the collection manager going out on leave

  • Users will automatically receive the Manage collection permission for organizations they create, and the Manage collection permission is required to delete a collection

Tip: Get more granular control by adjusting the second or third options to choose whether to allow users to create OR delete collections.

Fourth option checked/unchecked
The fourth option adjusts the permission level for deleting items. Leaving this unchecked is beneficial for self-serve setups where team members are able to manage themselves with minimal interaction with admins. Checking this will require escalation to users with the Manage collection permission to delete items, which is useful when an item is shared in more than one collection and admins have an opportunity to simply remove it from the collection to ensure no disruption to users utilizing the other collection.

All options unchecked
This is the default for new organizations. Administrators will only be able to see that a collection exists and the collection structure of the organization. Users can create and delete their own collections without needing to contact administrators. Administrators cannot see the contained vault items unless a user with the Manage collection permission assigns them permission. Users with the Edit items collection can send collection items to the organization trash.

  • Allows for full user self-serve

  • Useful for large organizations with many small teams with lots of collections

  • Helps adhere to a least-privilege policy

A great use-case for this setup would be for the Enforce organization data ownership policy, where a user must store their own passwords in the organization vault, but can do so inside a private collection.

Tip: Administrators will automatically receive access to orphaned collections if there are no users with Manage collection access.
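The rules above for the first three options, written out as an access-decision model that can be used to review which collections administrators reach without a direct assignment. This is an added example, not Bitwarden code: the field names, role strings and sample organization are hypothetical, and the fourth (item deletion) option is not modeled.

```python
from dataclasses import dataclass, field

ADMIN_ROLES = {"owner", "admin"}  # assumed role labels for the administrator roles

@dataclass(frozen=True)
class Settings:
    # Hypothetical names for the three toggles, in page order.
    # Defaults model "All options unchecked", the default for new organizations.
    admins_manage_all: bool = False
    limit_creation: bool = False
    limit_deletion: bool = False

@dataclass
class Collection:
    name: str
    perms: dict = field(default_factory=dict)  # member -> "manage" | "edit" | "view"

    def orphaned(self):
        # No user holds the Manage collection permission.
        return "manage" not in self.perms.values()

def can_access(s, member, role, col):
    if member in col.perms:  # directly assigned collection permission
        return True
    # Admin roles get in through option 1, or automatically when the collection is orphaned.
    return role in ADMIN_ROLES and (s.admins_manage_all or col.orphaned())

def can_create(s, role):
    return role in ADMIN_ROLES or not s.limit_creation

def can_delete(s, member, role, col):
    if s.limit_deletion:  # only admins, regardless of Manage collection permissions
        return role in ADMIN_ROLES
    if col.perms.get(member) == "manage":
        return True
    return role in ADMIN_ROLES and s.admins_manage_all

def standing_admin_access(s, admins, collections):
    """Collections each admin can open without a direct assignment (least-privilege review)."""
    return {a: [c.name for c in collections
                if a not in c.perms and can_access(s, a, "admin", c)]
            for a in admins}

# Constructed sample organization.
COLLECTIONS = [
    Collection("wiki-logins", {"alice": "manage", "root-admin": "view"}),
    Collection("payroll", {"bob": "manage"}),
    Collection("old-project", {"carol": "edit"}),  # orphaned: nobody holds Manage
]
```

Calling `standing_admin_access` with each configuration shows the difference in exposure: with the first option off an administrator reaches only orphaned collections beyond their own assignments, while with it on every collection is reachable.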

Get started with Bitwarden

Start a free 7-day business trial and experience the flexibility of Bitwarden collections and the other great benefits of a business password manager today!
