Custom User role not able to delete collection for which assigned manage permission #5993

Closed
opened 2026-03-07 20:45:07 -06:00 by GiteaMirror · 1 comment

Originally created by @jpVm5jYYRE1VIKL on GitHub (Aug 6, 2025).

Prerequisites

Vaultwarden Support String

Issue is not related to any crashes and does not require any trace

Vaultwarden Build Version

1.34.1

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

nginx

Host/Server Operating System

Linux

Operating System Version

No response

Clients

Web Vault

Client Version

No response

Steps To Reproduce

Well, let's say that there exists a user who has custom permission to manage some collections.
But in reality such a user is not able to delete a collection for which he is manager.
The organisation link does not even appear in the user's web UI.
If the user is assigned permission to manage all collections, then the organisation link appears in the user's web UI, but the user is also able to manage and delete any collection in the organisation, which is an extremely huge security problem.

  1. Create an organisation
  2. Create some collections: collection1, collection2, collection3
  3. Create a user with the custom permission role
  4. Assign the user permission to be manager of one of the collections
  5. Log in as the user to the web UI
  6. You are not able to do any management of the collection because no link to the Admin Console exists for such a user

Expected Result

User must be able to manage the collection where he is assigned to be manager and must be able to delete the collection for which he is manager.

Actual Result

User cannot do anything with the collection except adding passwords or deleting passwords.

Logs


Screenshots or Videos

No response

Additional Context

No response

GiteaMirror added the bug label 2026-03-07 20:45:07 -06:00

@BlackDex commented on GitHub (Aug 6, 2025):

That is a works-as-intended.

Vaultwarden does not support `Can Manage` for user roles at the moment.
Only Managers support `Can Manage`, and Admins and Owners have full permissions always.

Vaultwarden does not have fine-grained access control configured the same as Bitwarden does.
This might change in the future once we add those features. But for now, it works fine, the way we intended it.


Reference: github-starred/vaultwarden#5993