More granular Repository User permissions (e.g. Custom Roles)

########################

PM Update (May 2021)

We are working on introducing Project Permissions and Settings in 2021. This will change how many things are configured in Bitbucket today.

• We plan to change who can transfer a repository based on project permissions
• We plan to change who can create projects and repos within projects
• Setting configurations at project level removes need to change settings on every repository.

Adding new roles to Bitbucket has been discussed but we are not focusing on adding anything until we have changed the current model to support projects

#########################

It would be good if there were more granular options for defining user roles for workspaces and repositories. Right now, at the repository level you can have "Read", "Write", or "Admin" permissions. But it would be nice if you had more control/granularity over this so you can have users who can control some repository settings, but not all.

For example, some users would want to be able to allow users to manage repository settings like webhooks, or branch permissions, but wouldn't want to allow users to be able to delete or transfer the repository. Right now, the only way a user can manage repository settings like webhooks or branch permissions for example is if they have admin access to the repository, but that also allows them to delete or transfer the repository.

 Edit by 0298b2749e0b: It would also be great to add this granularity to the Workspace level access. At the moment, users are only able to create projects if they have workspace administrative access, which would also allow them to update the workspace name, plan, groups...

Edit by fstefanelli@atlassian.com: Following the same granular logic permission, add the possibility to grant or restrict access to specific branches and/or files.

Edit by gmarcolino+atlassian_conflict: Following the granular logic permission, add the ability to restrict which users can be listed as Pull Request reviewers.

Edit by gmarcolino+atlassian_conflict: Following the granular logic permission, add the ability to restrict which users can create/manage projects.

Suggestion: It will be good if workspace privacy is set to private, project privacy should also be private by default or grey out the option for project ADMINS.

Edit by 57b7f67f3625: We have had a user reach out to suggest an admin role that can manage settings without being able to commit code to the repository, like an IT team member who is not a repository contributor

Edit by 9cc073eb116c : Customers would like to add read-only permissions for viewing workspace structure. i.e. View who is in a group but not edit them.