Bitbucket guardrails

Administer Bitbucket Data Center

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

Background

We’re committed to supporting the needs of our largest customers, and this includes continually improving the performance and scalability of our products. The amount of data in your instance can be a factor in performance and stability problems. As your instance grows, so does your risk of performance degradation over time. Often this is a gradual degradation and can go unnoticed until you reach a point where it has a significant impact on your team.

In the table below, we’ve described the performance and stability impacts that we’ve observed and suggested some actions you can take to reduce your risk. The guardrails are based on real-world experiences with some of our largest customers, but won’t necessarily be representative of every organization’s experience.

Ways you can reduce the risk of experiencing serious performance and stability problems may include:

  • application changes, such as upgrading to a newer application version to get the benefit of performance improvements, or changing the way users are managed.

  • infrastructure changes, such as increasing memory, CPU, or running a cluster or mirrors.

  • data cleanup activities to reduce your footprint, such as archiving or breaking up monolith sites.

It’s important to note that these aren’t hard limits, and some of your product instances may already exceed these thresholds. There are a number of factors, including the interplay between different data types, and site load, which will influence whether you experience the potential impacts listed below, and to what degree. As with any type of risk, it’s essential to identify the risk and make a plan, so you can prioritize those actions that will help you reduce the probability of future performance problems.

Definition

Product Guardrails are data type recommendations designed to help you identify potential risks and aid you making decisions about next steps in your instance optimization journey.

Bitbucket guardrails

The following guardrails are provided to help you identify and mitigate scale risks, and make decisions about cleaning up your instance.

LDAP users

Content type

Total number of users synchronized between LDAP and Bitbucket

Guardrail

If using Microsoft Active Directory:

  • 100,000 users

If using another connector:

  • 70,000 groups

How to find this number

How to get the number of users, groups, and nested groups in Bitbucket Data Center and Server

If you’re not able to get this number from your user directory, you could try the workaround described in How do I find which users count against my Bitbucket license

Risks

We've observed these problems when operating above this guardrail:

  • Instance instability, including performance degradation and potential outages when Bitbucket is under high load.
  • Directory synchronization takes a long time.
  • User authentication can take longer than expected.

Mitigation options

LDAP groups

Content type

Total number of groups synchronized between LDAP and Bitbucket

Guardrail

If using Microsoft Active Directory:

  • 30,000 users

If using another connector:

  • 20,000 groups

How to find this number

How to get the number of users, groups, and nested groups in Bitbucket Data Center and Server

Risks

We've observed these problems when operating above this guardrail:

  • Instance instability, including performance degradation and potential outages when Bitbucket is under high load.
  • Directory synchronization takes a long time.
  • User authentication can take longer than expected.
  • Application access and group management admin screens can become unresponsive.

Mitigation options

Depth of nested groups

Content type

Number of levels of hierarchy when groups are nested

Guardrail

4 levels deep.

We also recommend groups do not contain a mix of users and other groups, as this can also influence performance. 

How to find this number

How to get the number of users, groups, and nested groups in Bitbucket Data Center and Server

Risks

We've observed these problems when operating above this guardrail:

  • Instance instability, including performance degradation and potential outages when Bitbucket is under high load.
  • Directory synchronization takes a long time.
  • User authentication can take longer than expected.

We’ve also observed that instances with a large number of groups and/or complex nested groups, often have a very complicated permission structure, which can also impact performance.

Mitigation options

  • Change the group structure in your directory to avoid having too many levels of nesting.
  • Change the group structure in your directory so that groups only contain either users or other groups.

Permission grants

Content type

Number of permissions granted

Guardrail

Number of:

  • group global permissions: 10,000
  • group project permissions: 200,000
  • group repository permissions: 200,000
  • user global permissions: 10,000
  • user project permissions: 200,000
  • user repository permissions: 200,000

How to find this number

To find this number:

  1. Navigate to Administration > Troubleshooting and support tools.
  2. Select System information.

The number is displayed in the Permissions section under Permission counts.

Risks

We've observed these problems when operating above this guardrail:

  • Poor performance or timeouts when using user/group selectors.
  • Delays to all requests due to slow authorization checks.
  • High database load, resulting in performance impact to other requests involving database queries.

Mitigation options

  • Rather than granting permissions at the repository level to all repositories in a project, grant them at the project level.
  • Grant permissions to groups that contain multiple users rather than to individual users when possible.
  • Cleanup redundant permissions. For example:
    • Where a user or group has permission on a repository and also on the project that contains the repository, the repository-level permission grant is redundant.
    • Where a user is granted a permission on a repository or project, and is also granted the same permission via a group, the user permission grant is redundant.
Last modified on Feb 7, 2023

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.