4 Levels of Bitbucket Server Permissions
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the server and data center platforms.
Bitbucket Server provides 4 levels of permissions administered through the web interface. All permissions can be set on a user or user group basis. User groups (i.e., contractors, senior developers, etc) can be used to simplify managing permissions. To learn more, see Users and Groups.
The hierarchy of permissions are as follows:
- Global Permissions: These allow you to define who can log into Bitbucket Server, who can create projects and repositories, who the admins are, and who the system admins are:
- Bitbucket User: Can log in to Bitbucket and access projects which have explicitly granted permission to this role. Note that all Bitbucket users will count towards your license limit.
- Project Creator: Can create new projects and repositories. To foster collaboration, we recommend granting project creation permissions to as many users as possible.
- Admin: Has access to most settings required to administer Bitbucket on a daily basis. Can add new users, administer permissions and change general application settings. Administrators have full access to all projects and repositories.
- System Admin: Has full control over Bitbucket - can modify system configuration properties and all application settings, and has full access to all projects and repositories. We recommend granting this permission to as few users as possible.
- Project Permissions: These allow you to manage access to repositories within a project in an aggregated way. You can grant read, write, and admin permissions:
- Admin: Can administer the project and create new repositories. Administrators have complete access to all repositories in the project.
- Create repository: Can create repositories within the project. Users will become admins of the repositories they create. All activities permitted by Write are allowed by the Create repository permission as well.
- Write: Can push to any repository within the project and merge pull requests targeting these repositories which don't have other restrictions. All activities permitted by read access are granted to write users as well.
- Read: Can clone, browse and fork any repository within the project. Can create and contribute to pull requests targeting any of these repositories.
- Repository Permissions: These allow you to manage access to a repository for an individual user or a user group beyond that already granted from Project Permissions. You can grant read, write, and admin permissions on a per repository basis.
- Admin: Can administer the repository. All activities permitted by read and write access are granted to admin users as well.
- Write: Can push to the repository and merge pull requests targeting the repository which don't have other restrictions. All activities permitted by read access are granted to write users as well.
- Read: Can clone, browse and fork the repository. Can create and contribute to pull requests targeting the repository.
- Branch Permissions: Branch permissions provide another level of security in Bitbucket, with user authentication and project, repository and global permissions, that together allow you to control or enforce your own workflow or process.
You can control the actions that can be performed on the following things within a repository or project:
- A single branch name
- A branch pattern
- A branch model (Development, Bugfix, Feature, Hotfix, Release)
The restrictions that can be applied to them are: - Prevent all changes, except when they are performed by specific users, groups, or access keys
- Prevent deletions, except when they are performed by specific users, groups, or access keys
- Prevent rewriting history, except when it is performed by specific users, groups, or access keys
- Prevent changes without a pull request, except when they are performed by specific users, groups, or access keys