Make sending a notification optional when removing user access (BB-13620)

Issue #4944 open
Simkin created an issue

I removed a users's access and it sent them an alert stating " Notification: Your access on [repo name] has been revoked."

I would have preferred that either no email was sent or that I had the option to skip sending the email. I needed to remove the user without them knowing about it.

Comments (25)

  1. Dylan Etkin

    Hi idpursuit,

    This is done on purpose.

    I know it can be a little rough if you have decided that you don't want the person to have access any longer but we believe that knowing is a good thing. If we send a notification then the individual will not have to chase anyone up when they try to access the repo in the future.

    Cheers,

    Dylan

  2. Todd Lucas

    "...we believe that knowing is a good thing." But what about what your customers believe? Shouldn't this be a policy decision of the individual or company who is paying for your product?

  3. Sayo Oladeji

    This should definitely be a decision by customers. There should be a checkbox "send notification."

    Now I want to revoke a superior's access on my repo without creating drama but that's currently impossible.

  4. Zachary Davis Account Deactivated
    • changed status to open

    I'm reopening this issue because nearly 3 years on from it being closed people clearly still want it. However, we have no current plans to revisit our notifications in this manner. So please vote for it if you're interested as that helps us gauge demand.

  5. R Churchill

    My question is, does it warn that a notification email is sent? I just removed a user from account and there was no indication that this might happen.

    A couple of years ago a colleague was asked to remove a user from BitBucket and a notification was sent, in advance of that user being told that they were being removed from the project, and it caused... unnecessary emotion. I would say removal could be a sensitive situation, and it would be better dealt with face-to-face rather than a form email that's sent in the background. In my situation today I'm tidying up accounts after a contractor left, and there is a danger the notification looks like, "I no longer trust you", rather than "Just doing some spring cleaning".

  6. Tom Bamford

    +1 on this. We have groups that have several hundred people in.

    I don't want hundreds of emails to constantly be sent out by BitBucket every time I make a change to the group permissions on an internal public repository, then be hounded by a large number of people about why their access was revoked or modified.

    I understand the "don't #@!% the customer" argument if you are modifying access for 1 person, but if you are an administrator changing group permissions, you become the brunt of a barrage of abuse about why you revoked people's access.

  7. David Siu

    +1 as well. I have no desire to stir up any emotions among people whom have already moved onto other projects. These automated notifications can cause more problems then it solves for customers with these kinds of use cases. Would love to have this be an option.

  8. John Fetzik

    I have to agree as well. As an administrator for a business I get a lot of inquires about what is going on every time we change something about access rights. WIth 80+ repositories, 120+ users, and new repositories being created every week, this adds up to a lot of notifications going out.

    This is particularly annoying when creating a new repository automatically adds a dozen access groups that all have to be removed.

  9. Brendon LaRusic

    +1 for this. I feel like I should have control over notifications when modifying permissions for a particular user. I think John Fetzik hit the nail on the head. By revoking or changing access, it can raise questions. I should be the judge of how privacy is handled within my teams, not BitBucket.

  10. AlexanderD

    +1 I feel the same way, the decision, if you want to notify anybody, should be in the hands of the admins. And I cannot believe 5 years almost after the request and this still has not been addressed. For each person commenting here, there are 1000x more who wish they had this option but don't say anything or even know where to request it.

  11. Raphael Baldi

    The main reason I'm no longer using BitBucket: lack of privacy/notification settings. 5 years in and it is still not in place.

  12. Lei Li

    +1. We need this for better internal control and there are scenarios in corporate settings that you need to remove the account first before you talk to the person face to face.

  13. adam Cherti

    +1 I support this issue. Administrators should be able to choose whether to send notifications or not.

    "...we believe that knowing is a good thing." It might be a good thing so that your users don't bother you for help related to an unexpected denial of access to a repository (although it is arguable, because your primary clients are the repos admins), but it doesn't justify why notifications of revoked access should be always mandatory since it's only in some special cases that admins prefer not to send notifications of revoked accesses.

  14. Sayo Oladeji

    I still don't understand why this hasn't been implemented. BitBucket should not tell me how I decide to run my business. Provide platform and infrastructure and let me manage my repository how I deem fit.

  15. Tom Bamford

    I think we all understand the “don't #@!% the customer" standpoint, but in this case, that is exactly what Atlassian are doing here.

    BitBucket is otherwise such a great service, but this is the reason I have not been able to recommend BB to larger enterprise clients. It’s such a simple change and the fact this is being ignored is frustrating.

  16. William Ukoh

    Really? Are we still on this matter after so many years now? Should this request/desire for control by a customer still be pending?

  17. Log in to comment