User collection permissions not showing in admin console and Manager/Custom role cannot edit #6351
Description
Prerequisites
- I have searched the existing Closed AND Open Issues AND Discussions
- I have searched and read the documentation
Vaultwarden Support String
Your environment (Generated via diagnostics page)
- Vaultwarden version: v1.34.3
- Web-vault version: v2025.7.0
- OS/Arch: linux/x86_64
- Running within a container: true (Base: Debian)
- Database type: PostgreSQL
- Database version: PostgreSQL 15.13 on x86_64-pc-linux-gnu, compiled by Debian clang version 12.0.1, 64-bit
- Uses config.json: true
- Uses a reverse proxy: true
- IP Header check: true (X-Forwarded-For)
- Internet access: true
- Internet access via a proxy: false
- DNS Check: true
- TZ environment: America/Detroit
- Browser/Server Time Check: true
- Server/NTP Time Check: true
- Domain Configuration Check: true
- HTTPS Check: true
- Websocket Check: true
- HTTP Response Checks: true
Config & Details (Generated via diagnostics page)
Show Config & Details
Environment settings which are overridden: DOMAIN, SENDS_ALLOWED, TRASH_AUTO_DELETE_DAYS, SIGNUPS_ALLOWED, SIGNUPS_VERIFY, SIGNUPS_DOMAINS_WHITELIST, ORG_CREATION_USERS, INVITATION_ORG_NAME, IP_HEADER, DISABLE_2FA_REMEMBER, REQUIRE_DEVICE_EMAIL, YUBICO_CLIENT_ID, YUBICO_SECRET_KEY, SMTP_HOST, SMTP_PORT, SMTP_FROM, SMTP_FROM_NAME, _ENABLE_EMAIL_2FA
Config:
{
"_duo_akey": null,
"_enable_duo": false,
"_enable_email_2fa": true,
"_enable_smtp": true,
"_enable_yubico": true,
"_icon_service_csp": "",
"_icon_service_url": "",
"_ip_header_enabled": true,
"_max_note_size": 10000,
"_smtp_img_src": "***:",
"admin_ratelimit_max_burst": 3,
"admin_ratelimit_seconds": 300,
"admin_session_lifetime": 20,
"admin_token": null,
"allowed_connect_src": "",
"allowed_iframe_ancestors": "",
"attachments_folder": "data/attachments",
"auth_request_purge_schedule": "30 * * * * *",
"authenticator_disable_time_drift": false,
"data_folder": "data",
"database_conn_init": "",
"database_max_conns": 10,
"database_timeout": 30,
"database_url": "**********://************************************************************************",
"db_connection_retries": 15,
"disable_2fa_remember": true,
"disable_admin_token": true,
"disable_icon_download": true,
"domain": "*****://*******************",
"domain_origin": "*****://*******************",
"domain_path": "",
"domain_set": true,
"duo_context_purge_schedule": "30 * * * * *",
"duo_host": null,
"duo_ikey": null,
"duo_skey": null,
"duo_use_iframe": false,
"email_2fa_auto_fallback": false,
"email_2fa_enforce_on_verified_invite": false,
"email_attempts_limit": 3,
"email_change_allowed": true,
"email_expiration_time": 600,
"email_token_size": 6,
"emergency_access_allowed": true,
"emergency_notification_reminder_schedule": "0 3 * * * *",
"emergency_request_timeout_schedule": "0 7 * * * *",
"enable_db_wal": false,
"enable_websocket": true,
"enforce_single_org_with_reset_pw_policy": false,
"event_cleanup_schedule": "0 10 0 * * *",
"events_days_retain": 180,
"experimental_client_feature_flags": "",
"extended_logging": true,
"helo_name": null,
"hibp_api_key": null,
"http_request_block_non_global_ips": true,
"http_request_block_regex": null,
"icon_blacklist_non_global_ips": true,
"icon_blacklist_regex": null,
"icon_cache_folder": "data/icon_cache",
"icon_cache_negttl": 259200,
"icon_cache_ttl": 2592000,
"icon_download_timeout": 10,
"icon_redirect_code": 302,
"icon_service": "internal",
"incomplete_2fa_schedule": "30 * * * * *",
"incomplete_2fa_time_limit": 3,
"increase_note_size_limit": false,
"invitation_expiration_hours": 120,
"invitation_org_name": "North",
"invitations_allowed": true,
"ip_header": "X-Forwarded-For",
"job_poll_interval_ms": 30000,
"log_file": null,
"log_level": "info",
"log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
"login_ratelimit_max_burst": 10,
"login_ratelimit_seconds": 60,
"org_attachment_limit": null,
"org_creation_users": "**********************************",
"org_events_enabled": true,
"org_groups_enabled": false,
"password_hints_allowed": true,
"password_iterations": 600000,
"push_enabled": false,
"push_identity_uri": "https://identity.bitwarden.com",
"push_installation_id": "***",
"push_installation_key": "***",
"push_relay_uri": "https://push.bitwarden.com",
"reload_templates": false,
"require_device_email": true,
"rsa_key_filename": "data/rsa_key",
"send_purge_schedule": "0 5 * * * *",
"sendmail_command": null,
"sends_allowed": false,
"sends_folder": "data/sends",
"show_password_hint": false,
"signups_allowed": true,
"signups_domains_whitelist": "*********,*************,***************,**********,*******,***************,*********,********,***********,*********************,*********,************,***********,************************,**************************,************************,*********************,**************************,********************,***********************,********************,********************,********************************",
"signups_verify": true,
"signups_verify_resend_limit": 6,
"signups_verify_resend_time": 3600,
"smtp_accept_invalid_certs": false,
"smtp_accept_invalid_hostnames": false,
"smtp_auth_mechanism": null,
"smtp_debug": false,
"smtp_embed_images": true,
"smtp_explicit_tls": null,
"smtp_from": "*****************************",
"smtp_from_name": "Vaultwarden",
"smtp_host": "*********************",
"smtp_password": null,
"smtp_port": 25,
"smtp_security": "off",
"smtp_ssl": false,
"smtp_timeout": 15,
"smtp_username": null,
"templates_folder": "data/templates",
"tmp_folder": "data/tmp",
"trash_auto_delete_days": 180,
"trash_purge_schedule": "0 5 0 * * *",
"use_sendmail": false,
"use_syslog": false,
"user_attachment_limit": null,
"user_send_limit": null,
"web_vault_enabled": true,
"web_vault_folder": "web-vault/",
"yubico_client_id": "56036",
"yubico_secret_key": "***",
"yubico_server": null
}Vaultwarden Build Version
v1.34.3
Deployment method
Official Container Image
Custom deployment method
No response
Reverse Proxy
GCP Application Load Balancer
Host/Server Operating System
Linux
Operating System Version
No response
Clients
Web Vault
Client Version
2025.7.0
Steps To Reproduce
1.) Go to the Admin Console
2.) Select the Organization
3.) Navigate to the Members Page
4.) Review the list of users
5.) See that some (not all) users have the User role and no collections in scope for their access, however they were previously granted access to certain collections, which they can continue to access without issue despite the collections not appearing under their user in the admin console
6.) Secondarily, if a Manager (Custom Role) attempts to edit a user in this state to add a collection to the user the web console doesn't take the change. It does not error or present any issue. It just allows the change to be saved, but it doesn't actually work and does not reflect any collections still in the admin console
7.) If an Admin/Owner performs the same operations as outlined in the above step to edit the collections for a user in this state it all works fine and the user now is properly reflecting the correct collections.
Expected Result
The Admin Console should show the collections a user has access to when delegated specific collections
Actual Result
Some users are showing no collections despite having access to specific collections.
Manager role (Custom) is unable to make changes to users while in this state
Admin/Owner role can make changes to the collections of these users and once this step is performed, then the Manager role can once again manage the user's collection as expected
Logs
This appears to be the only relevant log related to the event
[2025-10-10 08:22:52.947][request][INFO] PUT /api/organizations/65188d2e-b76e-40bc-ba14-35886d7e817f/collections/0142f33a-f05e-418a-8fce-61db7e6ab118
Screenshots or Videos
No response
Additional Context
We recently updated to version 1.34.3
We also recently moved from SQLite to postgresQL following the migration guide.
I am unsure at what point this issue manifested with these two changes.