Shippable / support

Shippable SaaS customers can report issues and feature requests in this repository

bitbucket permissions excessive #3410

Open brianmay opened 7 years ago

brianmay commented 7 years ago

Hello,

Our DevOps team has raised the issue that the bitbucket permissions asked for seem to be excessive:

As far as I can tell, most of these permissions should be required. Do you really need to be able to modify repositories, pull requests and membership information? Read and modify issues, snippets, and wikis? Delete repositories? Transfer repositories?

Regards

avinci commented 7 years ago

I am not sure if bitbucket has changed their policy, but the last time I checked, it was an all or nothing. You are right we do not need to have some of the permissions you mentioned. If they do have fine grained scopes, we will be happy to implement.

brianmay commented 7 years ago

Thanks. I was worried that it might be a bitbucket issue, would be good to verify.

Some background: we have a large number of projects for different clients. Some users have admin rights to all of these projects. If these users connect to shippable using their existing bitbucket credentials, they will be giving shippable full admin rights to all our projects. Our DevOps team is nervous about granting shippable full privilege to all our projects, including many projects that never will be managed by shippable.

The alternative option - everyone connecting to shippable must do so via an alternate user(s) that has restricted access to only the repositories that are managed by shippable - is likely to be clumsy at best.

I do understand however that you have to work with the API and access controls that bitbucket provide.

avinci commented 7 years ago

I just verified that bitbucket has implemented fine grained perms in the recent past. We are going to implement that in the next sprint. For now, you could use the workaround of creating a restricted access account and we will get this in 5.3.2
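The concern in this thread can be checked mechanically before anyone approves a consent screen. The following is an added example, not code from Shippable or from any participant in the thread: it expands a requested Bitbucket Cloud OAuth scope string into the access it effectively grants and compares that with what a CI integration needs. The `CI_NEEDED` set and the `BROAD` sample request are assumptions made for illustration.

```python
# Added example: least-privilege audit of a Bitbucket Cloud OAuth scope request.
# Scope names and implication rules follow Bitbucket Cloud's published scope
# list; verify them against the current documentation before relying on them.
IMPLIES = {
    "repository:write": {"repository"},
    "pullrequest": {"repository"},
    "pullrequest:write": {"pullrequest", "repository:write"},
    "issue:write": {"issue"},
    "snippet:write": {"snippet"},
    "team:write": {"team"},
    "account:write": {"account"},
}

# ASSUMPTION: what a CI service needs (clone, see pull requests, register
# build hooks, identify the user). Not taken from Shippable's implementation.
CI_NEEDED = {"repository", "pullrequest", "webhook", "email"}

# Constructed sample of an "all or nothing" style request, for illustration only.
BROAD = ("repository:admin repository:write repository:delete pullrequest:write "
         "issue:write snippet:write wiki team:write account webhook email")

def expand(scopes):
    """Return the given scopes plus every scope they implicitly grant."""
    seen, stack = set(), list(scopes)
    while stack:
        scope = stack.pop()
        if scope not in seen:
            seen.add(scope)
            stack.extend(IMPLIES.get(scope, ()))
    return seen

def audit(requested, needed=CI_NEEDED):
    """Compare a space-separated scope request with the needed set."""
    effective, required = expand(requested.split()), expand(needed)
    return {"effective": sorted(effective),
            "excess": sorted(effective - required),
            "missing": sorted(required - effective)}

def minimal_request(needed=CI_NEEDED):
    """Shortest scope list to request: drop scopes another needed scope implies."""
    needed = set(needed)
    return sorted(s for s in needed
                  if not any(s in expand({o}) for o in needed - {s}))

if __name__ == "__main__":
    report = audit(BROAD)
    print("excess scopes :", ", ".join(report["excess"]))
    print("missing scopes:", ", ".join(report["missing"]) or "none")
    print("request only  :", " ".join(minimal_request()))
```

Because the grant applies to every repository the authorizing user can reach, any entry under "excess" applies to all of that user's projects, not only the ones the integration builds.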