Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
1
-
Description
HTTP access tokens can currently be used to use the REST API, but also access the repository data itself via git etc.
We would love to see a permission setting that allows us to limit the token to only allow read-only access using the REST API.
Any further repository actions (pull/push) we wish to do using SSH for more granular control.
Additionally, the permission feedback (HTTP access token page) does not list or mention REST API access specifically anywhere. See https://confluence.atlassian.com/bitbucketserver/http-access-tokens-939515499.html