  1. Bitbucket Cloud
  2. BCLOUD-22857

Refine App Password scope for fetching data via API


      Issue Summary

      Modify the current requirement for the repository:admin/project:admin scope when fetching data (for example branch restrictions) using the API to use repository:read/project:read instead.

      Expected Results

      For a GET call such as fetching branch restrictions, it is more intuitive and in line with the principle of least privilege to require only the repository:read scope. This scope should be sufficient to read the branch restrictions without granting full admin permissions. The same applies to API calls that require the project:admin permission, for example List explicit group permissions for a project.

      Actual Results

      When users try to fetch branch restrictions using the API, the app password requires the repository:admin or project:admin scope.

              Unassigned
              ncsupka Norbert Csupka
              Votes: 5
              Watchers: 5