Select a group dropdown empty when trying to give group/team access

Issue #18072 closed
Michael Bannach
created an issue

Go to any repository, click: Settings > User and group access

The dropdown where you can give access to a team is not populating at all making it impossible to give access to teams.

Official response

  • Amber Van Hecke staff

    Thank you all for your comments - As Michael Bannach kindly added, we removed the ability to reference groups across teams due to security concerns. I realize that this change currently adds more overhead for admins; however, it also alleviates large billing and administrative risks. Removing functionality is never an easy decision, but in this case it was necessary and I can assure you that we are currently exploring other (more safe) options to provide similar control in the future.

Comments (17)

  1. Michael Kuyper

    Granting permissions to external groups also does not appear to work using the API:

    $ curl --request PUT --user xxxxx@xxxxx.com https://api.bitbucket.org/1.0/group-privileges/<owner>/<repo>/<external-owner>/<external-group> --data read
    Enter host password for user 'xxxxx@xxxxx.com': *************************
    Group not owned by team.
    
  2. Michael Bannach reporter

    I also raised this issue to Atlassian support. We went back and forth a bit. This was their response...

    "It is no longer possible to give access to your repositories to groups of other teams. This is a deprecated functionality.

    To give you a little more context about it, this was identified as a security vulnerability.

    So, now, only the users /groups on your account can can be granted access to your repositories."

    Essentially, they no longer support teams.

    So, my work around was to go to the settings (account level, not repo level), click on Users and Groups. You will see 2 default groups, Administrators and Developers. I clicked the Add group button, created a new group, "Team 1 Developers," then added the users there. I gave them NO access by default so I can only grant them access to the specific repos I add them to. Now, when I go back to the group drop down, I can see the newly created group.

    Hope this will work for some of you.

  3. Michael Kuyper

    Thanks Michael for the info. I was dreading that this would be the outcome. This essentially means that we can no longer share group definitions across teams and we'll have to re-create all of those groups within the teams. Considering how much money we spend on our BB subscription, I am very disappointed. Even more disappointing is that we have to get this information from another user, instead of Atlassian staff.

  4. Amber Van Hecke staff

    Thank you all for your comments - As Michael Bannach kindly added, we removed the ability to reference groups across teams due to security concerns. I realize that this change currently adds more overhead for admins; however, it also alleviates large billing and administrative risks. Removing functionality is never an easy decision, but in this case it was necessary and I can assure you that we are currently exploring other (more safe) options to provide similar control in the future.

  5. Dan Bonachea

    Ugh, another bad decision by BitBucket..

    Our main reason to use the groups feature was to allow developers to quickly give the entire team access to their private forks (in a repo owned by the individual developer, not the team). This terrible change has broken that workflow, making the groups feature mostly useless to us.

    Our devs now have to remember and type out the names of every group member in every fork and individually manage the list (eg when people leave or join the group), which is tedious, error-prone and completely non-scalable. The whole point of having a group is to centralize the list so you can name a set of people with a single entry, but restricting the places you can enter that group name in an access list defeats the entire purpose of the feature.

    Please revert this!

  6. Log in to comment