Controlling access to code
Bitbucket Data Center provides the following types of permissions to allow fully customizable control of access to code.
Note that you can also:
- allow public (anonymous) access to projects and repositories. See Allowing public access to code.
- use SSH keys to allow user accounts and other systems to connect securely to Bitbucket repositories for Git operations. See Using SSH keys to secure Git operations.
restrict changes to repository-level settings to meet your security and compliance needs and ensure code quality. Learn more about how project admins can restrict changes to repository settings
Global permissions
Control user and group access to Bitbucket projects and to the Bitbucket instance configuration. For example, these can be used to control the number of user accounts that can access Bitbucket for licensing purposes.
See Global permissions.
Project permissions
Apply the same access permissions to all repositories in a project. For example, these can be used to define the core development team for a project.
See Using project permissions.
Repository permissions
Extend access to a particular repository for other, non-core, users. For example, these can be used to allow external developers or consultants access to a repository for special tasks or responsibilities.
See Using repository permissions.
Branch permissions
Control commits to specific branches within a repository. For example, these can provide a way to enforce workflow roles such as the Release Manager, who needs to control merges to the release branch.
Permissions matrix
The table below summarizes the cumulative effect of the permissions described above for anonymous and logged in users. In general, repository permissions override project permissions. A personal project can not be made public.
Key
| Permission | Effect |
|---|---|
| Browse | Can view repository files, clone, pull to local |
| Read | Can browse, clone, pull, create pull requests, fork to a personal project |
| Write | Can merge pull requests |
| Create repository | Can create repositories in a project and become repository admins for the repos they create |
| Admin | Can edit settings and permissions |
| Global (logged in) | Project | Repository | Branch | Effective permission |
|---|---|---|---|---|
 | Personal | Personal | NA | No access |
| Personal | Public access | NA | Browse just that repo |
| No access | No access | NA | No access |
| No access | Public access | NA | Browse just that repo |
| Public access | Public access | NA | Browse all repos in project |
 | Personal | Personal | NA | No access |
| Personal | Public access | NA | Read just that repo |
| No access | No access | NA | No access |
| No access | Public access | NA | Read just that repo |
| Public access | No access | NA | Read all repos in project |
| Public access | Public access | NA | Read |
| Public access | Public access | For this user | Read that branch, no Write |
| No access | Read | NA | Read just that repo |
| Public access | Read | NA | Read just that repo |
| Read | No access | NA | Read all repos in project |
| Read | Public access | NA | Read all repos in project |
| Read | Read | NA | Read all repos in project |
| Read | No access | For this user | Read that branch, no Write |
| No access | Write | NA | Write just that repo |
| Public access | Write | NA | Write just that repo |
| Write | No access | NA | Write all repos in project |
| Write | Write | NA | Write all repos in project |
| Write | Write | For other users | Write to other branches only |
| Create repository | No access | NA | Write all repos and create new repos in project. Users become admins of the repositories they create. |
| Create repository | Write | NA | Write all repos and create new repos in project. Users become admins of the repositories they create. |
| Create repository | Write | For other users | Write to other branches only and create new repos in project. Users become admins of the repositories they create. |
| Admin | Can edit settings and permissions |