Site announcement

We are switching off article comments on this website. Read about the upcoming changes to Atlassian Documentation.

Skip to end of metadata
Go to start of metadata

Repository administrators can grant users or groups access to a repository using the Access management page.  Administrators can assign a user or a group any of the following default permissions:

LevelThis permissions allows a user to do the following:
readView, clone, and fork the repository code. All public repositories grant all Bitbucket users read permissions automatically. Read access on a repository also allows users to create issues, comment on issues, and edit wiki pages.
writeContribute to the repository by pushing changes directly from a repository on a local machine.
adminCan do everything a repository owner can do. This means administrators can:
  • Change repository settings.
  • Add, change, and remove user permissions.
  • Give other users administrator access.
  • Delete the repository.

You can always change these permissions later.

Granting a User Access to a Repository

To grant a user access to the repository, do the following:

  1. Go to the repository settings  for the Bitbucket repository.
  2. Click Access Management on the left-side navigation.
  3. Locate the Users section of the page for a current list of users with access.
  4. Enter a Bitbucket account name or full name in the text box.
  5. Select a permission from the dropdown box.
  6. Click Add.
Can I add a Team?

You cannot add a team to your repository directly. You can either Change or transfer repository ownership or create a new group and add the specific users you want to that group.

Sending an Invitation

If you want to grant access to a person who does not have a Bitbucket account, you can send an invitation. To do this from the Access Management page:

  1. Locate the invitation link right below the Users list.
  2. Click the link.
    The system displays the Send an invitation dialog:
     
  3. Enter an email address.
  4. Select what type of Access to grant.
  5. Press Send.
    Bitbucket sends an email to the addressee with an email to contribute to your repo.
     

    If the addressee does not have a Bitbucket account, then Bitbucket prompts him or her to create one.  Once the addressee has an account, Bitbucket adds the account to the repository with the access you chose when you created the invitation.

 

To change or delete a user's access

Each user entry on the list has controls for changing a user's level of access and for removing the user all together:

If a user delete his or her account, Bitbucket automatically deletes that user from all repository access lists.

Granting a Group Access to a Repository

You can only add groups to a repository if you own the group (individual account) or administer the group for a team.  Groups consist of one or more members all of which must have a Bitbucket individual account. To add groups, you go to the Account page for an  individual or team account.

  1. Log in to Bitbucket.
  2. Go to a repository for which you have administrative rights (or create a new one).
  3. Click the repository's setttings button.
  4. Choose Access management from the navigation bar.
  5. Add a group from the Select a group drop down.
    The list contains all the groups you have access to either through your individual account or through a team.

Changing Group Permissions 

Bitbucket allows account administrators to grant access to repositories by adding Groups.  When a repository is added to the account, Bitbucket automatically adds any account-level groups that have repository permissions. This means the groups that appear on repository's Access management page may come via the account-level Groups or directly by adding them at the repository-level.  

When a group is added to a repository, either automatically by Bitbucket or manually by a repository administrator, the group has the default permissions defined at the account-level.  Repository administrator's can change group permissions at the repository level or they can remove the group all-together; These are called repository-level permissions.   Once you establish repository-level permissions for a group, these repository-level permissions remain in effect, no matter if account administrators later change the permissions on the account-level.

If account administrators remove a group, the group is removed from every repository to which it has access.  For more information on creating and removing groups, see Manage groups.

How Repository Access Impact Plans and Billing 

What happens when the maximum number of users for an account is exceeded because you have granted repository permissions to a group? If the user count goes over the plan limit for your account, then access becomes read only for all your private repositories. The repository owner and creator still has write access to each repository, and administrators can still administer the repository.

Account owners or repository administrator remove excess users and groups from the account or from its repositories. For more information, see Plans and billing.

24 Comments

  1. Anonymous

    Is there a way to grant access **only** to wiki pages? So, our support team can access and mantain reference documentation about our projects.

    1. I'm sorry, there is no way to do this.

      1. As a work around within current capabilities, couldn't a team create a distinct but related repository that has no code and grant access to its wiki?

        For example, if repository Foo has the code, what if one created a FooWiki repository?  A group might be created that is for those who have access only to the FooWiki wiki (and its empty repository with no code).  Since this is distinct from repository Foo, the FooWiki users would not have access to the code in the Foo repository.

        I don't doubt that this has limitations or is not ideal, but is there any reason this would not work as a work around for now?

         

        1. Eric,

          That is a one way to work around it, yes. Thanks for suggestion!  

          Mary

  2. Are you planning to provide more granular permissions?
    At least to differentiate sources and wiki.

    1. Pascal, we don't offer this yet.  You can add your voice to the issue for this feature.

  3. Anonymous

    Is it possible to let anyone clone one of my public repositories hosted in bitbucket, anonymously?

    1. Anyone can clone a public repository anonymously.  Test this for yourself. Log out of Bitbucket and go here:

      https://bitbucket.org/tutorials/tutorials.bitbucket.org

      The repository is public. Anyone can clone it locally.  Pushing to it though, would require the credentials for the owner.

  4. Anonymous

    Please add more detail to this page regarding the affect of permissions on issue tracking.  Based on our testing users with read access cannot reassign an issue or change its status.  Write access is required for these.

  5. Anonymous

    I am Admin of repository cclteam/POCRepos - I tried to delete a user who is having write access.

    It shows me deleted via User access. But actually its not deleted. I am wondering if this is a known bug or did I try something weired

    1. Hard to tell from your description. Do you mean the user still appears in the repository's Access management?  

  6. Anonymous

    I've added a user to a repository, user received confirmation by e-mail.
    Still.. The Access management page only lists myself as user. It doesn't save it or is there a bug displaying it?

  7. Anonymous

    Ah.. there is a problem with caching in the ajax request when it requests users that have access. Control + F5 fixed it.

  8. IS there any permission which help me to grant the access to collaborate within my network only. I do not wont to allow my team to access repository outside network.

  9. I have paid to have up to 25 invites to a private repository. It is currently at 21 or so. While all of these 21 are individuals, they are going to be forming teams of 2-3 people (and creating Bitbucket teams to support them). Can I add their team without going over my 25-user count limit? It will be the same people, but I want the team to be able to fork the repo separately from individuals forking the repo. I know that sounds weird, but I have my reasons.

  10. Is there a way to disable direct-push access to a repo, either globally or for a given user, but still allow that user to merge pull requests in?

  11. What happens with a user's private forks if you strip a user's rights to the forked repository?

  12. Small suggestion: adding a picture of the gear icon next to the "Click the repository's settings button." would be helpful. I didn't see it right away. Thanks!

    1. Thanks for taking the time to comment. I've added the settings gear icon to the instructions. (smile)

      Have an awesome day!

       

  13. Is there a way to see what repos a Group has access to? For example, we have a group for contractors on our team and they only need access to certain repos. I'd like to audit what they currently have access to. 

    1. Good day,

      Thanks for taking the time to comment! I am working through our groups API which I think you could use for this purpose. Currently there isn't an easy way to get this information on the site, other than to peruse each repository and look for the Group in question. 

      Oh and don't forget: when you create a repo with the team as owner all the groups are automatically added to that repo. So you will want to go in to the settings and remove groups you don't want to have access.

      I'll post again soon to update what an API curl command might do to help.

       

      1. So after running a few different paths I believe the best way (other than the previously mentioned check access to each repository individually) is to run the following API command. It can be a bit tricky if you haven't worked with the returned information from an API call and I don't want to be presumptuous in either direction. So if you can't make heads or tails of this, or it does not work for you, you might have to just check every repo your team / account owns for the time being. 

        Okay that said here goes:

        Write the following command into a terminal window:

        You will be prompted for your password.

        What you get back (depending on how you set this up) will be a long block of text. If you have a good text or code editor you should be able to copy from the beginning bracket to the closing bracket and then format it into jason (java?) format and make it readable. What will result will be something like the following (except, very likely, MUCH longer):

        You will want to look for "repo": "teamsinspace/bb101repo": Which is the start section for a repository in your account then the groups are listed by their access rights so in the following example "privilege": "admin", is first.

        Below (or after or beside depending on how your looking at the text) each group listing which will begin with "name": "groupname", in the following example it's "name": "Administrators"

        What will result will be something like the following (except, very likely, MUCH longer):

        I hope that helps.

         

        1. Finally got around to figuring this out. For others looking at this, the answer is part of the 1.0 API, group-privileges Endpoint#privilegesEndpoint-GETalistofrepositorieswithaspecificprivilegegroup