Controlling access to code

Redirection notice

This page will redirect to /display/BitbucketServer/Controlling+access+to+code .

Stash provides the following types of permissions to allow fully customisable control of access to code.

Note that you can also:

Global permissions

  • Control user and group access to Stash projects and to the Stash server configuration.
  • For example, these can be used to control the number of user accounts that can can access Stash for licensing purposes.
  • See Global permissions.

Project permissions

  • Apply the same access permissions to all repositories in a project.
  • For example, these can be used to define the core development team for a project.
  • See Using project permissions.

Repository permissions

  • Extend access to a particular repository for other, non-core, users.
  • For example, these can be used to allow external developers or consultants access to a repository for special tasks or responsibilities.
  • See Using repository permissions.

Branch permissions

  • Control commits to specific branches within a repository.
  • For example, these can provide a way to enforce workflow roles such as the Release Manager, who needs to control merges to the release branch.
  • See Using branch permissions.

Permissions matrix

The table below summarizes the cumulative effect of the permissions described above for anonymous and logged in users. In general, repository permissions override project permissions. A personal project can not be made public.

Key

Permission Effect
BROWSE Can view repository files, clone, pull to local
READ Can browse, clone, pull, create pull requests, fork to a personal project
WRITE Can merge pull requests
ADMIN Can edit settings and permissions
Global
(logged in) 
Project Repository Branch Effective permission
(error) Personal Personal NA No access
(error) Personal Public access NA BROWSE just that repo
(error) No access No access NA No access
(error) No access Public access NA BROWSE just that repo
(error) Public access Public access NA BROWSE all repos in project
(tick) Personal Personal NA No access
(tick) Personal Public access NA READ just that repo
(tick) No access No access NA No access
(tick) No access Public access NA READ just that repo
(tick) Public access No access NA READ all repos in project
(tick) Public access Public access NA READ
(tick) Public access Public access For this user READ that branch, no WRITE
(tick) No access READ NA READ just that repo
(tick) Public access READ NA READ just that repo
(tick) READ No access NA READ all repos in project
(tick) READ Public access NA READ all repos in project
(tick) READ READ NA READ all repos in project
(tick) READ No access For this user READ that branch, no WRITE
(tick) No access WRITE NA WRITE just that repo
(tick) Public access WRITE NA WRITE just that repo
(tick) WRITE No access NA WRITE all repos in project
(tick) WRITE WRITE NA WRITE all repos in project
(tick) WRITE WRITE For other users WRITE to other branches only
(tick) ADMIN     Can edit settings and permissions

Was this helpful?

Thanks for your feedback!

Why was this unhelpful?

Have a question about this article?

See questions about this article

Powered by Confluence and Scroll Viewport