  1. Bitbucket Data Center
  2. BSERV-12800

Need the ability to prevent unlicensed users from being added to project or repository permissions via API

    Description

      Currently, when adding a user to either a project or repository via the GUI, you are not able to add unlicensed users because those users don't show up when typing usernames.

      However, when using the REST API there is no restriction and unlicensed users can be added to either projects or repositories. This is considered a security risk and an audit failure.

      The request is to make this something that is configurable. We would like to have the ability to disable adding unlicensed users to projects or repositories via the REST API.

      A GUI-based checkbox that doesn't require a system restart would be the best option, but the ability to add an option to bitbucket.properties is second best.

      We are unable to create custom plugins so the suggestion from Support to develop a plugin that squashes requests to RepositoryPermissionGrantRequestedEvent and ProjectPermissionGrantRequestedEvent when the user is not licensed is not possible for us.

          People

            Unassigned Unassigned
            cdrummond Craig Drummond
            Votes: 7
            Watchers: 1
