Ability to view and export email address for team members

Issue #13143 open
Pranav Khaladkar
created an issue

Hi, We would like to ensure the accounts in Bitbucket Cloud team are created using corporate email address. As an administrator of my team, I should be able to view email ids of my team members along with their username & display name. Currently it is not possible to view email ids of the team members.

Comments (23)

  1. Matt Doran

    I agree. Right now looking at the team members can be very difficult to understand who has access to the repositories.

    The member/group lists just show the bitbucket name, and for a number of users in our team this is a "handle" and it's impossible to identify who this really is.

    Definitely need better user management for company teams!

  2. Alastair Wilkes staff

    Hi y'all,

    Thanks for the feedback! We totally agree this is a usability issue for administrators, and we'd definitely like to make it easier to manage your users.

    Unfortunately, there existing factors that prevent this from being a simple fix: at present, we can’t reveal an individual's email address to the team admin because there is no way for a user to consent to providing it. This is exacerbated by the fact that currently, if a user is invited to a team, they are added to that team automatically. One way to address this would to add the ability for a user to accept or reject an invitation to join a team, and then implement a migration strategy for existing teams.

    Of course, other possible solutions exist - for example, we could build a method for admins to request this info from team members - but none of them are quick fixes. We also have to consider the broader Atlassian Cloud suite as we seek to create great cross-product experience, which can complicate the introduction of a one-off solution.

    In short, yes, we agree this is an issue, but unfortunately it's not a quick fix. User management improvements are high on our priority list and something that we're actively investigating (as you can see!) but I don't have a specific timeline right now. Stay tuned. As always, feedback is welcome.

    Alastair

    Bitbucket Cloud PM

  3. Phil Rittenhouse

    Hi Alastair,

    Thanks for taking the time to provide feedback on this issue.

    we could build a method for admins to request this info from team members

    I think the ability to send a message to team members would be a good idea in general. Currently we can communicate with team members via comments on commits or pull requests. Adding something similar to the user's page seems like it shouldn't be a big stretch.

    we can’t reveal an individual's email address to the team admin because there is no way for a user to consent to providing it

    I suspected that might be an issue. As an alternative could you maintain the list of invites sent by the admin? That is, a list of each invite sent and whether it has been accepted or not. If it has been accepted the list entry would also include the username or link to the user account. When a user is removed from the team she would also be removed from the invited list, or flagged as removed. If the invites are sent using an email address then there should be no concern about the user giving consent since the admin already had the email address to begin with.

    I think this should balance the privacy needs of open-source projects with traceability needed in corporate environments.

    My 2 cents

    Thanks, Phil

  4. Grétar Hauksson

    Hello,

    I think this is an absolute requirement for proper administration and access auditing. For corporations that have any security standards, being able to audit access is a necessity.

    Now, Atlassian has been rolling out a feature called Atlassian Accounts. This gives companies the ability to manage accounts that use an e-mail address from a registered domain. Why isn't this functionality being leveraged in Bitbucket as well? If the domain is registered then I should be able to see the account information for these users. Bitbucket could also be added under the same hat as JIRA and Confluence where you can use site administration to manage users and groups, this would allow administrators to manage all Atlassian Cloud service access in a single location.

    Implementing something like this would certainly give Bitbucket an advantage when it comes to other similar platforms. Corporations that are not averse to hosting source code in the cloud but have established security policies would be queueing up at the door... ;)

  5. Alastair Wilkes staff

    Hi @Phil Rittenhouse,

    I think the ability to send a message to team members would be a good idea in general. Currently we can communicate with team members via comments on commits or pull requests. Adding something similar to the user's page seems like it shouldn't be a big stretch.

    If we were to do this, it would be an automatic request (triggered by a button push), rather than a customizable message. The user would then accept or reject using a link in the email.

    As an alternative could you maintain the list of invites sent by the admin?

    This is also an option. Thanks for the feedback!

    Hi @gretarh,

    Why isn't this functionality being leveraged in Bitbucket as well? If the domain is registered then I should be able to see the account information for these users. Bitbucket could also be added under the same hat as JIRA and Confluence where you can use site administration to manage users and groups, this would allow administrators to manage all Atlassian Cloud service access in a single location.

    We agree! This would be awesome. We plan to do this, but we don't have a timeline to share yet.

    Alastair

  6. Jen Elam TWX

    This is causing huge problems for our organization as well. This is a security problem and an administration problem and needs to be addressed asap. One other note, we claimed our domain and the Bitbucket users were not able to manage their accounts but neither was the administrator. It resulted in no one being able to make changes to the account. We had to unclaim the domain so that at least the individuals could make changes to the account.

  7. Naveen Balaji K

    Hi, It would be great if you can display last login details of all the users only to Admin. This info will assist in cleaning up inactive users there by reducing the unwanted billing cost.

  8. Renato Covarrubias

    Hi!

    Suscription Admin to check inactive user need to know:

    • User email
    • User last login
    • User last activity

    But... if you can't show the user email, at least we can apply some restriction to email adress domain to add users o permissions.

  9. Eugene D Bethel

    +1 - Definitely needed. As an Administrator it makes auditing accounts very difficult. The Team admin should be able to see the email address of all Team members by default. Almost every other application allows an admin to see this. However since this thread is over 2 years old, I'm going to consider other alternatives. Not getting the feeling that it is a big enough concern to them to change it.

  10. Log in to comment