Details
-
Bug
-
Resolution: Handled by Support
-
Medium
Description
As explained here: https://community.atlassian.com/t5/Bitbucket-questions/Set-branch-permission-to-user-groups-and-oauth-client/qaq-p/927263#U1033042
When you use push back in pipelines to tag some commits using Oauth authorization without any branch permission or a permissive one, it works fine. However, if you set branch permissions (matching the branch you want to push to) to a user group, Oauth access is no longer able to create tags or push even it has repository write and admin access.
How can both security mechanisms work together?