starred/vaultwarden

Fork 0

mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-03-02 22:57:18 -05:00

My items collection is not created when enabling Enforce organization ownership #2449

New issue

Closed

opened 2026-02-20 08:17:54 -05:00 by deekerman · 3 comments

deekerman commented

2026-02-20 08:17:54 -05:00

Owner

Originally created by @nnyegaard on GitHub (Nov 24, 2025).

Prerequisites

I have searched the existing Closed AND Open Issues AND Discussions
I have searched and read the documentation

Vaultwarden Support String

Your environment (Generated via diagnostics page)

Vaultwarden version: v1.34.3
Web-vault version: v2025.7.0
OS/Arch: linux/x86_64
Running within a container: true (Base: Debian)
Database type: PostgreSQL
Database version: PostgreSQL 16.11 (Debian 16.11-1.pgdg13+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 14.2.0-19) 14.2.0, 64-bit
Uses config.json: true
Uses a reverse proxy: true
IP Header check: true (X-Real-IP)
Internet access: false
Internet access via a proxy: false
DNS Check: true
Browser/Server Time Check: true
Server/NTP Time Check: n/a
Domain Configuration Check: true
HTTPS Check: true
Websocket Check: true
HTTP Response Checks: false

Config & Details (Generated via diagnostics page)

Show Config & Details

Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, SIGNUPS_VERIFY, SIGNUPS_DOMAINS_WHITELIST, ORG_CREATION_USERS, ADMIN_TOKEN, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM, SMTP_FROM_NAME, EMAIL_2FA_ENFORCE_ON_VERIFIED_INVITE, EMAIL_2FA_AUTO_FALLBACK

Failed HTTP Checks:

API calls:
Header: 'referrer-policy' does not contain 'same-origin'
Header: 'content-security-policy' does not contain 'default-src 'none''
Header: 'content-security-policy' does not contain 'manifest-src 'self''
Header: 'content-security-policy' does not contain 'object-src 'self' blob:'
Header: 'content-security-policy' does not contain 'script-src 'self' 'wasm-unsafe-eval''
Header: 'content-security-policy' does not contain 'child-src 'self' https://*.duosecurity.com https://*.duofederal.com'
Header: 'content-security-policy' does not contain 'frame-src 'self' https://*.duosecurity.com https://*.duofederal.com'
Header: 'content-security-policy' does not contain 'frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://*'
Header: 'content-security-policy' does not contain 'img-src 'self' data: https://haveibeenpwned.com'
Header: 'content-security-policy' does not contain 'connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net'
2FA Connector calls:
Header: 'referrer-policy' does not contain 'same-origin'
Header: 'content-security-policy' is present while it should not

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "**********://***********************************************************************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://**********************",
  "domain_origin": "*****://**********************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "***********************",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "***************,********************,********************,********************",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "***************************",
  "smtp_from_name": "IC Vaultwarden",
  "smtp_host": "********************",
  "smtp_password": null,
  "smtp_port": 25,
  "smtp_security": "off",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": null,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden Build Version

v1.34.3

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

haproxy 2.8.11

Host/Server Operating System

Linux

Operating System Version

Ubuntu 22.04

Clients

Web Vault, Browser Extension, Desktop

Client Version

Desktop client 2025.11.1, Web client 2025.7.0, Firefox extension 2025.8.2

Steps To Reproduce

Create an Organization
Go to the Admin Console of the Organization
Click on setting and Policies
Click on Enforce organization data ownership
Turn on

Expected Result

That users of my organization can see a "My items" collection.

Source: https://bitwarden.com/blog/bring-complete-reporting-and-centralized-control-to-your-organization-vault/

Actual Result

No "My items" collections is created

Logs

Screenshots or Videos

No response

Additional Context

No response

Originally created by @nnyegaard on GitHub (Nov 24, 2025). ### Prerequisites - [x] I have searched the existing **Closed _AND_ Open** [Issues](https://github.com/dani-garcia/vaultwarden/issues?q=is%3Aissue%20) **_AND_** [Discussions](https://github.com/dani-garcia/vaultwarden/discussions?discussions_q=) - [x] I have searched and read the [documentation](https://github.com/dani-garcia/vaultwarden/wiki/) ### Vaultwarden Support String ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.34.3 * Web-vault version: v2025.7.0 * OS/Arch: linux/x86_64 * Running within a container: true (Base: Debian) * Database type: PostgreSQL * Database version: PostgreSQL 16.11 (Debian 16.11-1.pgdg13+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 14.2.0-19) 14.2.0, 64-bit * Uses config.json: true * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: false * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: n/a * Domain Configuration Check: true * HTTPS Check: true * Websocket Check: true * HTTP Response Checks: false ### Config & Details (Generated via diagnostics page) <details><summary>Show Config & Details</summary> **Environment settings which are overridden:** DOMAIN, SIGNUPS_ALLOWED, SIGNUPS_VERIFY, SIGNUPS_DOMAINS_WHITELIST, ORG_CREATION_USERS, ADMIN_TOKEN, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM, SMTP_FROM_NAME, EMAIL_2FA_ENFORCE_ON_VERIFIED_INVITE, EMAIL_2FA_AUTO_FALLBACK **Failed HTTP Checks:** ```yaml API calls: Header: 'referrer-policy' does not contain 'same-origin' Header: 'content-security-policy' does not contain 'default-src 'none'' Header: 'content-security-policy' does not contain 'manifest-src 'self'' Header: 'content-security-policy' does not contain 'object-src 'self' blob:' Header: 'content-security-policy' does not contain 'script-src 'self' 'wasm-unsafe-eval'' Header: 'content-security-policy' does not contain 'child-src 'self' https://*.duosecurity.com https://*.duofederal.com' Header: 'content-security-policy' does not contain 'frame-src 'self' https://*.duosecurity.com https://*.duofederal.com' Header: 'content-security-policy' does not contain 'frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://*' Header: 'content-security-policy' does not contain 'img-src 'self' data: https://haveibeenpwned.com' Header: 'content-security-policy' does not contain 'connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net' 2FA Connector calls: Header: 'referrer-policy' does not contain 'same-origin' Header: 'content-security-policy' is present while it should not ``` **Config:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "***:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_connect_src": "", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "**********://***********************************************************************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://**********************", "domain_origin": "*****://**********************", "domain_path": "", "domain_set": true, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": true, "enforce_single_org_with_reset_pw_policy": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "experimental_client_feature_flags": "", "extended_logging": true, "helo_name": null, "hibp_api_key": null, "http_request_block_non_global_ips": true, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "increase_note_size_limit": false, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "***********************", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 600000, "push_enabled": false, "push_identity_uri": "https://identity.bitwarden.com", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "***************,********************,********************,********************", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "***************************", "smtp_from_name": "IC Vaultwarden", "smtp_host": "********************", "smtp_password": null, "smtp_port": 25, "smtp_security": "off", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": null, "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> ### Vaultwarden Build Version v1.34.3 ### Deployment method Official Container Image ### Custom deployment method _No response_ ### Reverse Proxy haproxy 2.8.11 ### Host/Server Operating System Linux ### Operating System Version Ubuntu 22.04 ### Clients Web Vault, Browser Extension, Desktop ### Client Version Desktop client 2025.11.1, Web client 2025.7.0, Firefox extension 2025.8.2 ### Steps To Reproduce 1. Create an Organization 2. Go to the Admin Console of the Organization 3. Click on setting and Policies 4. Click on Enforce organization data ownership 5. Turn on ### Expected Result That users of my organization can see a "My items" collection. Source: https://bitwarden.com/blog/bring-complete-reporting-and-centralized-control-to-your-organization-vault/ ### Actual Result No "My items" collections is created ### Logs ```text ``` ### Screenshots or Videos _No response_ ### Additional Context _No response_

deekerman

2026-02-20 08:17:54 -05:00

closed this issue
added the
enhancement

help wanted
labels

deekerman commented

2026-02-20 08:17:56 -05:00

Author

Owner

@BlackDex commented on GitHub (Nov 24, 2025):

Vaultwarden doesn't support this feature.
We just have to wait until someone provides a PR to add this feature.

If I have some time I might take a look at it, but if someone else want's to take a look, be my guest, all the help is welcome.

@BlackDex commented on GitHub (Nov 24, 2025): Vaultwarden doesn't support this feature. We just have to wait until someone provides a PR to add this feature. If I have some time I might take a look at it, but if someone else want's to take a look, be my guest, all the help is welcome.

deekerman commented

2026-02-20 08:17:56 -05:00

Author

Owner

@nnyegaard commented on GitHub (Dec 1, 2025):

Nice thanks for the insight @BlackDex. I hope someone has some time, and if not I guess I have to start my Rust journey somewhere hehe 😅

@nnyegaard commented on GitHub (Dec 1, 2025): Nice thanks for the insight @BlackDex. I hope someone has some time, and if not I guess I have to start my Rust journey somewhere hehe 😅

deekerman commented

2026-02-20 08:17:56 -05:00

Author

Owner

@BlackDex commented on GitHub (Dec 20, 2025):

To keep the issues section clean, and not have it filled with feature requests, I'm going to move this to the Ideas section.

@BlackDex commented on GitHub (Dec 20, 2025): To keep the issues section clean, and not have it filled with feature requests, I'm going to move this to the Ideas section.