You do not have permission to create a repository within the project
Problem
If you own a Bitbucket Server instance that is older than the 3.2 release, moving an account to a different "OU" or losing the connectivity to the LDAP User Directory will make Bitbucket Server lose visibility of this AD account.
If you re-add the account to the correct OU or recover the account, Bitbucket Server will show the account again, but his old permissions/user access won't be in Bitbucket Server anymore. Adding the user back via global permissions and granting him permission on the Projects again will work as expected.
However, in some circumstances, when the user tries to create a personal repository it will get a message like:
You do not have permission to create a repository within the <Username> project
This error can also be perceived as:
401 You are not permitted to view this page
Both error messages have the same root cause and this issue needs to be manually fixed on the database.
Diagnosis
The queries below show which usernames are explicitly given project admin permissions to their own personal repository. Therefore, all users who have the right "PROJECT_ADMIN" permissions to their personal space are shown. Hence, if the query below doesn't return the user which is facing the described symptom, it means that it needs to be fixed.
Cause
In more recent version of Bitbucket, this issue has been identified as causing this problem: BSERV-10802 - Getting issue details... STATUS
The loss of permissions due to loss of connections to LDAP is fixed in Bitbucket Server 3.2.0: BSERV-4631 - Getting issue details... STATUS
Resolution
The database structure of Bitbucket Server can be changed on upgrades without discretion. If you are unsure about changing your database or you had errors running the queries above (in the Diagnosis), please file an issue with Atlassian Support before running the transaction described in the Resolution. Always remember to backup your instance before any database change as we recommend on:
The permissions might be cached thus the database change might not immediately resolve the error message the user is experiencing.
There are 2 options to repopulate the cache after the database change:
- Restart Bitbucket Server
or
- Grant and then revoke a new permission to a project, repo, or even a Global Permission via the UI for the affected user.