Read Only Users Can Decline and Edit Pull Requests from Other Users

Issue #7342 resolved
Devin Schwab
created an issue

We have a repository with a number of read only users. However, these users appear to be able to edit and decline pull requests. The only difference between a user with commit access and a user without commit access appears to be the ability to merge. This seems counter-intuitive.

I would expect read only users to be able to approve of a pull request, comment on a pull request and edit/decline their own pull requests. I would not expect a read only user to be able to edit or decline other users pull requests.

Some additional information:

  • The repository was a transfer from a user account to a newly created bitbucket team
  • The team is listed as the owner of the repository
  • The users have been added as members to the bitbucket team with read only access
  • The users are also listed as read only access on the specific repositories access management page
  • The overview page of the repository shows read permissions for the user

Comments (9)

  1. Brian Nguyen

    Hi Devin,

    As Michael noted earlier, we are not able to reproduce this issue. I suspect that the users in question actually have write access, that was carried over when the repository was transferred.

    To help us investigate, could you tell us what repository(s) this is affecting and what users have erroneous access. If you do not feel comfortable giving us this information send us an email to


  2. Devin Schwab reporter

    Sorry about the delay. I thought I had email notifications on but I guess I didn't. So I didn't realize anyone had responded to this.

    Anyways, I don't think I have the authority to reveal our repository's name and who is working on it. So I will email your support team with the link to this bug.

    Thank you for your help.

  3. Marcus Bertrand staff

    To clarify. The issue here wad that the user who could edit/reject was an administrator on the source repository. Any user who has write/admin on the source repo can edit any Pull requests from that repo, as they are technically supposed to be able to.

  4. Log in to comment