Replies: 18 comments 22 replies
-
I'm not sure if I'm missing something, but I don't see any difference between this and organizations. For now I'll mark this as low priority, and if someone wants to help implement it, I'll merge it. |
Beta Was this translation helpful? Give feedback.
-
To keep the issue tracker more focused, I'm closing this issue in favor of the meta issue at #246. |
Beta Was this translation helpful? Give feedback.
-
this meta issue thing is kind of a stupid idea. i can not really focus on the "groups" discussion, because all topics are mixed up in issue #246. group support is essential for the use of this implementation in organisations. has there been any progress been made on this topic? the "multiple organisations" workaround has the major downside, that datasets can not be shared between organisation. one has to keep track of all the likewise entries in all organisations and keep them synchronized. i do not think, that this is of "low priority". |
Beta Was this translation helpful? Give feedback.
-
There hasn't been any progress in the groups functionality and unless someone steps up to implement it there won't be any, as I have zero interest in implementing this. If you need to share entries between organizations, create a new organization for all the users that need the shared entries. If your organization is so big that doing that becomes unworkable, you probably have enough resources to deploy the official server, and then you'll have your groups. My vision of bitwarden_rs is focused on small to medium deployments, where the implementation of groups really is "low priority". PD: In the future I'd refrain from calling things stupid, there is no need for that language here, we are all volunteering our time for free, you might not like our ideas, but as a minimum they deserve a little respect. |
Beta Was this translation helpful? Give feedback.
-
Well, it seems you totally got me on the wrong foot there. First, i can not see in which relation calling an idea stupid stands to any form of respect for people. I just put out my opinion, and in that, the idea is stupid. Does not have anything to do with you, nor other people contributing to the project. Next, our company, which has round about 25 employees has a "medium deployment", i think. We already have the official server deployed an we also pay for every single license. This is not the point here. I thought, i would bring some insights from your target audience to this open project. And from an administrators point of view, i want to tell you, that groups are a feature, which is used quite often, and makes life so much easier. We have for example interns, which only should be able to look at the "read-only" accounts. We have developers, which need to see all the administration datasets as well as the "read-only" ones, an so forth. Splitting all this up into different organizations would mean, those datasets can not coexist inside the same collection, as collections are organization bound, and therefore would be difficult to find. I hope, at least somebody can relate. love and respect. Mike. |
Beta Was this translation helpful? Give feedback.
-
We are also an SME and would need this feature. Especially in combination with LDAP group policies are necessary to scale a company. |
Beta Was this translation helpful? Give feedback.
-
While I agree, that organizations and collections make groups a nice-to-have instead of a must-have, groups are most likely very nice once you have enough users. |
Beta Was this translation helpful? Give feedback.
-
Ouch, I didn't realize groups were missing. This could actually strongly relate to issues implementing the ldap-connector support I was looking at. Pulling in groups from LDAP becomes a moot point if groups don't exist on the server side to sync them to. |
Beta Was this translation helpful? Give feedback.
-
I find the statement a little bit bewildering. The point is, of course, to be able to add a group of users to a collection, instead of each individual user. What if you've got 50 people in one team and you want to share a collection with them? That you don't want to because you think there's too much effort to be made or don't have the time or whatever is understandable. That you think this is useless functionality for small/medium companies is quite disconcerting. |
Beta Was this translation helpful? Give feedback.
-
In our organization, we didn't see the need for organizations, and we thought it would be confusing to our users, so we called them "groups". But the functionality is actually not the same, and having groups to me is much more interesting that having organizations (even if they are called "groups"...). |
Beta Was this translation helpful? Give feedback.
-
Any well written PR would be welcome. |
Beta Was this translation helpful? Give feedback.
-
Hi @dani-garcia & everybody, I also got an internal request to "activate groups" in our vaultvarden server (for a small company), and had to explain it's not possible for now. Using different organisations as mentioned as workaround is not an option, as none of the password entries nor users would be there (without copying/cloning them manually). I just saw you activated the GitHub sponsoring feature (https://github.com/sponsors/dani-garcia) : how much "sponsoring" do you think it would take to have an implantation of the bitwarden groups feature (https://bitwarden.com/help/article/about-groups/), and would you interested to do it then ? I am convicted many of the vaultwarden users would be happy to help then. Many thanks again for your great work & best regards, Olivier |
Beta Was this translation helpful? Give feedback.
-
Planning a larger than usual deployment here, we are onboarding users slowly and this is a major turnoff. We have multiple depts, we created a cross-dept organisation to allow users to share some passwords but each time we onboard someone we have to manually review each collection to see if the user should be added. |
Beta Was this translation helpful? Give feedback.
-
This a feature that is needed very much indeed, I was just checking to see if anyone has started working on this, or hired someone to do so. |
Beta Was this translation helpful? Give feedback.
-
I cannot fathom why the value of groups (in addition to organisations) is somehow not self-evident to the devs here. The function of any group, whether it's in Vaultwarden/otherwise, in this scope of operation, is to limit access to content. It is commonplace (within the paid version of Bitwarden) to have different groups provide different levels of access to the same collections, and this helps keep access organised for larger amounts of users (hundreds to thousands, etc). Instead of having to manage the permissions each user has to each collection, you just add them to the groups that grant them the access they need, as that is already configured. This drastically reduces the administrative overhead of access control. By having only organisations, and no groups aspect, in Vaultwarden, this effectively puts an artificial cap on how many users can realistically be managed within Vaultwarden before the administrative overhead becomes unwieldy/unreasonable. It is an unrealistic expectation for administrators to manage access to content within Bitwarden without groups, as that means they have to do it per-user, every single time. And multiple organisations does not solve that, as earlier mentioned this means groups within an authentication domain cannot be translated into Vaultwarden. It begs the question, have the devs actually worked in environments where access is delegated by Group membership? Because it sure feels like they haven't. This feature not being considered critical is comedic in nature. I highly recommend this position be changed, and adding group support is likely a one-time effort, not likely to have regular development overhead. |
Beta Was this translation helpful? Give feedback.
-
it's an sql database. i'll see if i can make some sql-scripts like: who's assigned to collection, or assign a list of users to collection, or assign all users to sub-level collections. |
Beta Was this translation helpful? Give feedback.
-
I'm guessing he still doesn't know that the merge request for group support has been merged. And I think it would make sense to reference this here, given that this is the first discussion you come across when you search for it: #2846 Oh, never mind, you did reference it in the previous post. It just doesn't stand out. |
Beta Was this translation helpful? Give feedback.
-
Hello all, the group support is implemented since a few months. Thanks for that @MFijak. On #246 still is a message "NOTE (2022-12-15): This feature has some known issues!" Unfortunately, I cant find any information about the "known issues". What issues are currently known? Or is the information just outdated? BR |
Beta Was this translation helpful? Give feedback.
-
https://help.bitwarden.com/article/groups/
Beta Was this translation helpful? Give feedback.
All reactions