Granular Permissions for Bitbucket Cloud Package Registry

    • Type: Suggestion
    • Resolution: Unresolved
    • Component/s: Packages - Image

      Summary:
      Enable more granular permissions for Bitbucket Cloud’s package registry, allowing repository users to have write access to code (branches, PRs) while restricting their ability to push/upload packages (container images, Maven artifacts, etc.).


      Current Behavior:

      • Package registry permissions are directly tied to repository permissions.
      • Users with Write access to a repository can also push to the package registry.
      • There is no way to allow users to create branches and PRs without also granting them permission to upload packages.

      Desired Behavior:

      • Introduce a separate permission or role for package registry actions.
      • Allow repository admins to specify which users/groups can push/upload packages, independent of their code write access.
      • Example: Developers can have write access for code but only admins (or a specific group) can push to the package registry.

      Use Case / Customer Impact:

      • Organizations want to restrict who can publish or update packages to ensure only trusted sources (e.g., CI/CD pipelines or admins) can upload artifacts.
      • Prevents accidental or unauthorized uploads of packages, improving security and compliance.
      • Aligns with best practices in other package management solutions (e.g., GitHub Packages, GitLab Container Registry).

              Assignee:
              Unassigned
              Reporter:
              Karthick S
              Votes:
              1
              Watchers:
              2

                Created:
                Updated: