Controlling access to code
Bitbucket Server provides the following types of permissions to allow fully customizable control of access to code.
Note that you can also:
- allow public (anonymous) access to projects and repositories. See Allowing public access to code.
- use SSH keys to allow user accounts and other systems to connect securely to Bitbucket Server repositories for Git operations. See Using SSH keys to secure Git operations.
Global permissions
Control user and group access to Bitbucket Server projects and to the Bitbucket Server instance configuration. For example, these can be used to control the number of user accounts that can access Bitbucket Server for licensing purposes.
See Global permissions.
Project permissions
Apply the same access permissions to all repositories in a project. For example, these can be used to define the core development team for a project.
See Using project permissions.
Repository permissions
Extend access to a particular repository for other, non-core, users. For example, these can be used to allow external developers or consultants access to a repository for special tasks or responsibilities.
See Using repository permissions.
Branch permissions
Control commits to specific branches within a repository. For example, these can provide a way to enforce workflow roles such as the Release Manager, who needs to control merges to the release branch.
Permissions matrix
The table below summarizes the cumulative effect of the permissions described above for anonymous and logged-in users. In general, repository permissions override project permissions. A personal project cannot be made public.
Key
Permission | Effect |
---|---|
BROWSE | Can view repository files, clone, pull to local |
READ | Can browse, clone, pull, create pull requests, fork to a personal project |
WRITE | Can merge pull requests |
ADMIN | Can edit settings and permissions |

| Global (logged in) | Project | Repository | Branch | Effective permission |
|---|---|---|---|---|
| | Personal | Personal | NA | No access |
| | Personal | Public access | NA | BROWSE just that repo |
| | No access | No access | NA | No access |
| | No access | Public access | NA | BROWSE just that repo |
| | Public access | Public access | NA | BROWSE all repos in project |
| | Personal | Personal | NA | No access |
| | Personal | Public access | NA | READ just that repo |
| | No access | No access | NA | No access |
| | No access | Public access | NA | READ just that repo |
| | Public access | No access | NA | READ all repos in project |
| | Public access | Public access | NA | READ |
| | Public access | Public access | For this user | READ that branch, no WRITE |
| | No access | READ | NA | READ just that repo |
| | Public access | READ | NA | READ just that repo |
| | READ | No access | NA | READ all repos in project |
| | READ | Public access | NA | READ all repos in project |
| | READ | READ | NA | READ all repos in project |
| | READ | No access | For this user | READ that branch, no WRITE |
| | No access | WRITE | NA | WRITE just that repo |
| | Public access | WRITE | NA | WRITE just that repo |
| | WRITE | No access | NA | WRITE all repos in project |
| | WRITE | WRITE | NA | WRITE all repos in project |
| | WRITE | WRITE | For other users | WRITE to other branches only |
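
The matrix rows can be read as a rule and used to audit which repositories an unauthenticated client can reach. The following is an added example, not Atlassian's code: the function names and the inventory are hypothetical, and it assumes what the rows show, namely that the effective level is the higher of the project and repository settings and that the BROWSE rows are the anonymous case.

```python
from enum import IntEnum

class Level(IntEnum):
    NONE = 0    # "No access"
    BROWSE = 1
    READ = 2
    WRITE = 3   # ADMIN is left out: no matrix row covers it

def grant(setting, logged_in):
    """Level contributed by one Project or Repository cell of the matrix."""
    if setting == "Public access":
        # Assumption read off the rows: public access is BROWSE for
        # anonymous users and READ for logged-in users.
        return Level.READ if logged_in else Level.BROWSE
    if setting in ("READ", "WRITE"):
        # An explicit grant belongs to an account, so it needs a login.
        return Level[setting] if logged_in else Level.NONE
    return Level.NONE  # "No access" or "Personal" (someone else's)

def effective(project, repo, logged_in, branch="NA"):
    """Effective level on one branch of one repository."""
    level = max(grant(project, logged_in), grant(repo, logged_in))
    if branch == "For other users" and level > Level.READ:
        # Branch permission held by others: no WRITE to this branch.
        level = Level.READ
    # "For this user" never raises the level: READ stays READ.
    return level

def anonymous_reachable(inventory):
    """Repositories an unauthenticated client can browse and clone."""
    return [name for name, project, repo in inventory
            if effective(project, repo, logged_in=False) > Level.NONE]

# Constructed sample inventory: (repository, project setting, repository setting)
INVENTORY = [
    ("CORE/payments", "WRITE", "No access"),
    ("CORE/docs", "READ", "Public access"),
    ("~alice/scratch", "Personal", "Personal"),
    ("~alice/dotfiles", "Personal", "Public access"),
    ("OSS/cli", "Public access", "Public access"),
]

if __name__ == "__main__":
    for name in anonymous_reachable(INVENTORY):
        print("anonymous BROWSE:", name)
```

`CORE/docs` is reported even though its project is limited to READ for named users: the repository-level public access setting alone is enough to expose it.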