Bitbucket Cloud / BCLOUD-22069

Adjust ability to invite users to the repo/workspace from the repo level by repo admins


      Summary

      Currently, users who are given the "Repo Admin" permission are able to add or invite users to the respective repo. This covers both adding users who are already part of the workspace and inviting other users via email. As a result, a repo admin can, potentially maliciously, invite users who are not managed by the organization and influence the workspace's user license count.

      Desired Functionality

      It would be more secure to do one of the following: limit repo admins to adding only users who were already invited to the workspace by a workspace admin; allow the workspace admin to set a pre-determined allow list of domains (BCLOUD-19685) that could then be invited at will; or require a workspace admin to approve the invitation requested by the repo admin.

      Outcome

      Changing this would reduce the security risk of non-managed users gaining access to sensitive repo content and would prevent repo admins from expanding the consumed license count.

      Current Status

      This is currently being reviewed by Atlassian to determine the best route forward. If you have any concerns or opinions on which method may work best for you and your team, please leave a comment below so it can be considered in our review.

              pwolf Patrick Wolf - Atlassian (Inactive)
              miwalker Michael Walker (Inactive)