Grant users and groups access

Repository administrators can grant users or groups access to a repository using the Access management page.  Administrators can assign a user or a group any of the following default permissions:

Level This permissions allows a user to do the following:
read View, clone, and fork the repository code. All public repositories grant all Bitbucket Cloud users read permissions automatically. Read access on a repository also allows users to create issues, comment on issues, and edit wiki pages.
write Contribute to the repository by pushing changes directly from a repository on a local machine.
admin Can do everything a repository owner can do. This means administrators can:
  • Change repository settings.
  • Add, change, and remove user permissions.
  • Give other users administrator access.
  • Delete the repository.

You can always change these permissions later.

Granting a User Access to a Repository

To grant a user access to the repository, do the following:

  1. Go to the repository settings  for the Bitbucket repository.
  2. Click Access Management on the left-side navigation.
  3. Locate the Users section of the page for a current list of users with access.
  4. Enter a Bitbucket account name or full name in the text box.
  5. Select a permission from the dropdown box.
  6. Click Add.
Can I add a Team?

You cannot add a team to your repository directly. You can either Change or transfer repository ownership or create a new group and add the specific users you want to that group.

Sending an Invitation

If you want to grant access to a person who does not have a Bitbucket account, you can send an invitation. To do this from the Access Management page:

  1. Locate the invitation link right below the Users list.
  2. Click the link.
    The system displays the Send an invitation dialog:
  3. Enter an email address.
  4. Select what type of Access to grant.
  5. Press Send.
    Bitbucket sends an email to the addressee with an email to contribute to your repo.

    If the addressee does not have a Bitbucket account, then Bitbucket prompts him or her to create one.  Once the addressee has an account, Bitbucket adds the account to the repository with the access you chose when you created the invitation.

To change or delete a user's access

Each user entry on the list has controls for changing a user's level of access and for removing the user all together:

If a user delete his or her account, Bitbucket automatically deletes that user from all repository access lists.

Granting a Group Access to a Repository

You can only add groups to a repository if you own the group (individual account) or administer the group for a team.  Groups consist of one or more members all of which must have a Bitbucket individual account. To add groups, you go to the Account page for an  individual or team account.

  1. Log in to Bitbucket.
  2. Go to a repository for which you have administrative rights (or create a new one).
  3. Click the repository's setttings button.
  4. Choose Access management from the navigation bar.
  5. Add a group from the Select a group drop down.
    The list contains all the groups you have access to either through your individual account or through a team.

Changing Group Permissions 

Bitbucket allows account administrators to grant access to repositories by adding Groups.  When a repository is added to the account, Bitbucket automatically adds any account-level groups that have repository permissions. This means the groups that appear on repository's Access management page may come via the account-level Groups or directly by adding them at the repository-level.  

When a group is added to a repository, either automatically by Bitbucket or manually by a repository administrator, the group has the default permissions defined at the account-level.  Repository administrator's can change group permissions at the repository level or they can remove the group all-together; These are called repository-level permissions.   Once you establish repository-level permissions for a group, these repository-level permissions remain in effect, no matter if account administrators later change the permissions on the account-level.

If account administrators remove a group, the group is removed from every repository to which it has access.  For more information on creating and removing groups, see Manage groups.

How Repository Access Impact Plans and Billing 

What happens when the maximum number of users for an account is exceeded because you have granted repository permissions to a group? If the user count goes over the plan limit for your account, then access becomes read only for all your private repositories. The repository owner and creator still has write access to each repository, and administrators can still administer the repository.

Account owners or repository administrator remove excess users and groups from the account or from its repositories. For more information, see Plans and billing.

Was this helpful?

Thanks for your feedback!

Why was this unhelpful?

24 Archived comments

  1. User avatar


    Is there a way to grant access **only** to wiki pages? So, our support team can access and mantain reference documentation about our projects.

    15 Feb 2013
    1. User avatar


      I'm sorry, there is no way to do this.

      12 Mar 2013
      1. User avatar

        Eric Anderson

        As a work around within current capabilities, couldn't a team create a distinct but related repository that has no code and grant access to its wiki?

        For example, if repository Foo has the code, what if one created a FooWiki repository?  A group might be created that is for those who have access only to the FooWiki wiki (and its empty repository with no code).  Since this is distinct from repository Foo, the FooWiki users would not have access to the code in the Foo repository.

        I don't doubt that this has limitations or is not ideal, but is there any reason this would not work as a work around for now?


        06 May 2013
        1. User avatar



          That is a one way to work around it, yes. Thanks for suggestion!  


          10 May 2013
  2. User avatar

    Pascal Polleunus

    Are you planning to provide more granular permissions?
    At least to differentiate sources and wiki.

    03 Apr 2013
    1. User avatar


      Pascal, we don't offer this yet.  You can add your voice to the issue for this feature.

      03 Apr 2013
  3. User avatar


    Is it possible to let anyone clone one of my public repositories hosted in bitbucket, anonymously?

    05 Apr 2013
    1. User avatar


      Anyone can clone a public repository anonymously.  Test this for yourself. Log out of Bitbucket and go here:

      The repository is public. Anyone can clone it locally.  Pushing to it though, would require the credentials for the owner.

      05 Apr 2013
  4. User avatar


    Please add more detail to this page regarding the affect of permissions on issue tracking.  Based on our testing users with read access cannot reassign an issue or change its status.  Write access is required for these.

    25 Apr 2013
  5. User avatar


    I am Admin of repository cclteam/POCRepos - I tried to delete a user who is having write access.

    It shows me deleted via User access. But actually its not deleted. I am wondering if this is a known bug or did I try something weired

    16 Jun 2013
    1. User avatar


      Hard to tell from your description. Do you mean the user still appears in the repository's Access management?  

      17 Jun 2013
  6. User avatar


    I've added a user to a repository, user received confirmation by e-mail.
    Still.. The Access management page only lists myself as user. It doesn't save it or is there a bug displaying it?

    26 Sep 2013
  7. User avatar


    Ah.. there is a problem with caching in the ajax request when it requests users that have access. Control + F5 fixed it.

    26 Sep 2013
  8. User avatar

    Dharmesh Rupadia

    IS there any permission which help me to grant the access to collaborate within my network only. I do not wont to allow my team to access repository outside network.

    17 Dec 2013
  9. User avatar


    I have paid to have up to 25 invites to a private repository. It is currently at 21 or so. While all of these 21 are individuals, they are going to be forming teams of 2-3 people (and creating Bitbucket teams to support them). Can I add their team without going over my 25-user count limit? It will be the same people, but I want the team to be able to fork the repo separately from individuals forking the repo. I know that sounds weird, but I have my reasons.

    06 Feb 2014
  10. User avatar

    Trent Clarke

    Is there a way to disable direct-push access to a repo, either globally or for a given user, but still allow that user to merge pull requests in?

    17 Mar 2014
  11. User avatar

    Paul Csiki

    What happens with a user's private forks if you strip a user's rights to the forked repository?

    03 Apr 2014
  12. User avatar

    Frank Wierzbicki

    Small suggestion: adding a picture of the gear icon next to the "Click the repository's settings button." would be helpful. I didn't see it right away. Thanks!

    10 May 2014
    1. User avatar

      Dan Stevens [Atlassian]

      Thanks for taking the time to comment. I've added the settings gear icon to the instructions. (smile)

      Have an awesome day!


      10 May 2014
      1. User avatar

        Frank Wierzbicki

        Wow that was fast!

        10 May 2014
  13. User avatar

    Joe Song

    Is there a way to see what repos a Group has access to? For example, we have a group for contractors on our team and they only need access to certain repos. I'd like to audit what they currently have access to. 

    21 May 2014
    1. User avatar

      Dan Stevens [Atlassian]

      Good day,

      Thanks for taking the time to comment! I am working through our groups API which I think you could use for this purpose. Currently there isn't an easy way to get this information on the site, other than to peruse each repository and look for the Group in question. 

      Oh and don't forget: when you create a repo with the team as owner all the groups are automatically added to that repo. So you will want to go in to the settings and remove groups you don't want to have access.

      I'll post again soon to update what an API curl command might do to help.


      21 May 2014
      1. User avatar

        Dan Stevens [Atlassian]

        So after running a few different paths I believe the best way (other than the previously mentioned check access to each repository individually) is to run the following API command. It can be a bit tricky if you haven't worked with the returned information from an API call and I don't want to be presumptuous in either direction. So if you can't make heads or tails of this, or it does not work for you, you might have to just check every repo your team / account owns for the time being. 

        Okay that said here goes:

        Write the following command into a terminal window:

        You will be prompted for your password.

        What you get back (depending on how you set this up) will be a long block of text. If you have a good text or code editor you should be able to copy from the beginning bracket to the closing bracket and then format it into jason (java?) format and make it readable. What will result will be something like the following (except, very likely, MUCH longer):

        You will want to look for "repo": "teamsinspace/bb101repo": Which is the start section for a repository in your account then the groups are listed by their access rights so in the following example "privilege": "admin", is first.

        Below (or after or beside depending on how your looking at the text) each group listing which will begin with "name": "groupname", in the following example it's "name": "Administrators"

        What will result will be something like the following (except, very likely, MUCH longer):

        I hope that helps.


        21 May 2014
        1. User avatar

          Joe Song

          Finally got around to figuring this out. For others looking at this, the answer is part of the 1.0 API, group-privileges Endpoint#privilegesEndpoint-GETalistofrepositorieswithaspecificprivilegegroup 

          18 May 2015
Powered by Confluence and Scroll Viewport