Controlling access to code

Bitbucket Data Center and Server provides the following types of permissions to allow fully customizable control of access to code.

Note that you can also:

Global permissions

Control user and group access to Bitbucket projects and to the Bitbucket instance configuration. For example, these can be used to control the number of user accounts that can access Bitbucket for licensing purposes.

See Global permissions.

Project permissions

Apply the same access permissions to all repositories in a project. For example, these can be used to define the core development team for a project.

See Using project permissions.

Repository permissions

Extend access to a particular repository for other, non-core, users. For example, these can be used to allow external developers or consultants access to a repository for special tasks or responsibilities.

See Using repository permissions.

Branch permissions

Control commits to specific branches within a repository. For example, these can provide a way to enforce workflow roles such as the Release Manager, who needs to control merges to the release branch.

See Using branch permissions.

Permissions matrix

The table below summarizes the cumulative effect of the permissions described above for anonymous and logged in users. In general, repository permissions override project permissions. A personal project can not be made public.

Key

PermissionEffect
BrowseCan view repository files, clone, pull to local
ReadCan browse, clone, pull, create pull requests, fork to a personal project
WriteCan merge pull requests
Create repositoryCan create repositories in a project and become repository admins for the repos they create
AdminCan edit settings and permissions
Global
(logged in) 
ProjectRepositoryBranchEffective permission
(error)PersonalPersonalNANo access
(error)PersonalPublic accessNABrowse just that repo
(error)No accessNo accessNANo access
(error)No accessPublic accessNABrowse just that repo
(error)Public accessPublic accessNABrowse all repos in project
(tick)PersonalPersonalNANo access
(tick)PersonalPublic accessNARead just that repo
(tick)No accessNo accessNANo access
(tick)No accessPublic accessNARead just that repo
(tick)Public accessNo accessNARead all repos in project
(tick)Public accessPublic accessNARead
(tick)Public accessPublic accessFor this userRead that branch, no Write
(tick)No accessReadNARead just that repo
(tick)Public accessReadNARead just that repo
(tick)ReadNo accessNARead all repos in project
(tick)ReadPublic accessNARead all repos in project
(tick)ReadReadNARead all repos in project
(tick)ReadNo accessFor this userRead that branch, no Write
(tick)No accessWriteNAWrite just that repo
(tick)Public accessWriteNAWrite just that repo
(tick)WriteNo accessNAWrite all repos in project
(tick)WriteWriteNAWrite all repos in project
(tick)WriteWriteFor other usersWrite to other branches only
(tick)Create repositoryNo accessNAWrite all repos and create new repos in project. Users become admins of the repositories they create.
(tick)Create repositoryWriteNAWrite all repos and create new repos in project. Users become admins of the repositories they create.
(tick)Create repositoryWriteFor other usersWrite to other branches only and create new repos in project. Users become admins of the repositories they create.
(tick)Admin

Can edit settings and permissions
Last modified on Jan 31, 2023

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.