Cannot add role to user

[JacBra]

Prerequisites

• I have searched the existing Closed AND Open Issues AND Discussions
• I have searched and read the documentation

Vaultwarden Support String

Your environment (Generated via diagnostics page)

• Vaultwarden version: v1.34.3
• Web-vault version: v2025.7.0
• OS/Arch: linux/x86_64
• Running within a container: true (Base: Alpine)
• Database type: SQLite
• Database version: 3.50.3
• Uses config.json: true
• Uses a reverse proxy: true
• IP Header check: true (X-Real-IP)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• TZ environment: Europe/Amsterdam
• Browser/Server Time Check: true
• Server/NTP Time Check: true
• Domain Configuration Check: true
• HTTPS Check: true
• Websocket Check: true
• HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Environment settings which are overridden: DOMAIN, SENDS_ALLOWED, DISABLE_ICON_DOWNLOAD, SIGNUPS_ALLOWED, SIGNUPS_VERIFY, INVITATIONS_ALLOWED, PASSWORD_ITERATIONS, SHOW_PASSWORD_HINT, INVITATION_ORG_NAME, ICON_BLACKLIST_NON_GLOBAL_IPS, _ENABLE_YUBICO, _ENABLE_DUO, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM, SMTP_FROM_NAME

Config:

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": false,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://************",
  "domain_origin": "*****://************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "",
  "extended_logging": true,
  "helo_name": "************",
  "hibp_api_key": null,
  "http_request_block_non_global_ips": false,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": false,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "VPO",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": "/data/vaultwarden.log",
  "log_level": "debug",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": false,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "******,**********",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "************",
  "smtp_from_name": "Vault",
  "smtp_host": "***********",
  "smtp_password": null,
  "smtp_port": 25,
  "smtp_security": "off",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": null,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": "*.*.*.*",
  "yubico_secret_key": "***",
  "yubico_server": "*.*.*.*"
}

Vaultwarden Build Version

1.34.3

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

Apache/2.4.64

Host/Server Operating System

Linux

Operating System Version

Fedora CoreOS 42

Clients

Web Vault

Client Version

Firefox 143.0.1 and Microsoft Edge 140.0.3485.81

Steps To Reproduce

1. Go to 'Admin Console'
2. Click on 'Members'
3. Click on 'Collections' settings for one of the members
4. Add a collection, and click 'Save'

Expected Result

Collection is added to the member

Actual Result

I get logged of and get redirected to the logon page

Logs

[2025-09-25 11:21:29.754][request][INFO] GET /api/organizations/57586e63-4037-4e8f-8a2f-3f407edbeaf4/collections/details
[2025-09-25 11:21:29.754][request][INFO] GET /api/organizations/57586e63-4037-4e8f-8a2f-3f407edbeaf4/users/301ffed7-d0b9-4113-8445-0a6d64ea5c50?includeGroups=true
[2025-09-25 11:21:29.757][response][INFO] (get_user) GET /api/organizations/<org_id>/users/<member_id>?<data..> [2] => 200 OK
[2025-09-25 11:21:29.757][response][INFO] (get_org_collections_details) GET /api/organizations/<org_id>/collections/details => 200 OK
[2025-09-25 11:21:36.398][vaultwarden::api::core::two_factor][DEBUG] Sending notifications for incomplete 2FA logins
[2025-09-25 11:21:36.398][vaultwarden::api::core::accounts][DEBUG] Purging auth requests

Screenshots or Videos

No response

Additional Context

No response

[BlackDex]

If you are logged out then you either do not have the correct rights/rolls. Or something is off with the auth.

Also do logs are not from the action you describe. Could you provide the logs from when doing that specific action?