Status: Closed (View Workflow)
Affects Version/s: 4.8.0, 5.0.0, 6.1.0, 5.16.7, 6.4.1
Support reference count:1
Symptom Severity:Severity 2 - Major
Bug Fix Policy:
If once licensed users have an SSH key added to their profile, it is still possible for them to push the code once the license had been removed. However, it is not possible to pull the code.
- Create a new user.
- Add any Global Permission to the user granting write access to a repository.
- Add an SSH key to users' profile.
- Clone a repository over SSH with that user.
- Push and pull some code.
- Remove the Global permission from the user so it becomes unlicensed.
- Try to pull the code - no permission
- Add some files.
- Try to push the code - successful
Ad 7. Try to pull the code - no access to the repo. The code can't be pulled, as the user is not licensed. - working as expected
Ad 9. Try to push the code - no access to the repo. The code shouldn't be pushed, as the user is not licensed. - does not work as expected
Ad 7. Try to pull the code - no access to the repo. The code can't be pulled, as the user is not licensed.
Ad 9. # Try to push the code - it is possible to push the code with an unlicensed user over SSH.
Git Pull with unlicensed user:
Adding a new file and pushing it with unlicensed user:
Tested in Bitbucket 6.1.x and 6.4.1
Currently, there is no known workaround, as removing SSH access completely doesn't seem to be feasible.