Allow certain non-admin Bitbucket users to add users to certain groups (BB-15037)

Issue #12062 open
Zoltán Lehóczky
created an issue

I'd like to allow lead developers to be able to give other users access to the repos of the projects they lead.

E.g. we have "Good Lead Developer" who is not a company (i.e. Bitbucket team)-wide admin, but leads "Big Project". Now we have a "Big Project developers" user group with write access to all the Big Project repos. I'd like to allow Good Lead Developer to be able to add new users (from the team) to the Big Project developers user group. I don't want Good Lead Developer to be able to similarly administer any other user group and I don't want project team members to be added directly to repos (instead of user groups).

This doesn't seem to be possible now: you can either give a user group full admin access to all repos of a team, or the group can have admin access to certain repositories. The latter one however is not sufficient: this way they could only add people to the repos directly, not via user groups (which is generally a bad practice).

Maybe #2323 will also solve this?

Comments (9)

  1. Maxime Lemanissier

    Same thing here. I want all users to be part of groups, and permissions on repositories granted to groups, not individuals. Adding people in groups currently requires admin permission on the whole team, and this is not something I want to grant to anyone having to manage a single group/repository (possibly, contractors, external companies, etc). Please review Bitbucket permission model to allow delegating some admin functions (like adding user to group, creating repository, etc, each function independantly if possible) to a given scope of a bitbucket team. Projects might be useful here to define this scope, but for now, we can't do much with them (we're using bitbucket hosted). Thanks for your help.

  2. Roger Lennon

    We need this as well. We don't want to have to be full site/account admin to manage groups. There should be a group level admin that can add invite users to the group and repositories.

  3. Maxime Lemanissier

    We ended up developing a facade webservice above the Bitbucket API to allow tech leads to invite some email address patterns and manage some group patterns. Working fine. Did the same thing for JIRA and Bitbucket server (as since 2016 we moved to BB Server).

  4. Log in to comment