Closed
Description
According to https://bitwarden.com/help/article/user-types-access-control/#user-types, org managers should be able to:
- Only administer a collection it is associated with by an Owner or Admin
- Access and manage assigned collections in an organization
- Create new collections and modify the assigned collections
- Set user access for assigned collections
Attempting to create a new collection via the web vault results in
and log messages
[2020-09-12 00:29:38.993][request][INFO] POST /api/organizations/3c8806a6-2359-4c6c-b769-3fe52dab91bb/collections
[2020-09-12 00:29:38.995][auth][ERROR] Unauthorized Error: You need to be Admin or Owner to call this endpoint
[2020-09-12 00:29:38.995][response][INFO] POST /api/organizations/<org_id>/collections (post_organization_collections) => 401 Unauthorized
Attempting to manage an existing collection via the web vault results in the Your login session has expired UI message, and log messages
[2020-09-12 00:31:57.174][request][INFO] GET /api/organizations/3c8806a6-2359-4c6c-b769-3fe52dab91bb/collections/320a942c-d232-4273-96e5-d2c872f8d1d8/details
[2020-09-12 00:31:57.175][auth][ERROR] Unauthorized Error: You need to be Admin or Owner to call this endpoint
[2020-09-12 00:31:57.175][response][INFO] GET /api/organizations/<org_id>/collections/<coll_id>/details (get_org_collection_detail) => 401 Unauthorized
(This issue was first reported at https://bitwardenrs.discourse.group/t/manager-can-not-create-a-collection/287.)