  1. Bitbucket Cloud
  2. BCLOUD-22857

Refine App Password scope for fetching data via API

Details

    Description

      Issue Summary

      Modify the current requirement for the repository:admin/project:admin scope when fetching data (for example branch restrictions) using the API to use repository:read/project:read instead.

      Expected Results

      For a GET call such as fetching branch restrictions, it is more intuitive and in line with the principle of least privilege to require only the repository:read scope. This scope should be sufficient to read the branch restrictions without granting full admin permissions. The same applies to API calls that require the project:admin permission, for example "List explicit group permissions for a project".

      Actual Results

      When users try to fetch branch restrictions using the API, the app password requires the repository:admin scope or the project:admin scope.

          People

            Unassigned
            ncsupka Norbert C
            Votes: 5
            Watchers: 3