Issue #7441 resolved

Adding the "one too much" user to your account can kill everyone's access (BB-8641)

Christian Theune
created an issue

We had a 25 people plan and one of our admins added the 26th user. He told me that he wasn't informed that this would go above our 25 people limit and was not aware that this would

  • set all repositories to read only
  • disable any ssh access at all

This caused a big disruption in our daily workflow until we were able to contact support, figure out what's wrong and get an upgrade on the account (the user with administrative privileges for this - me - was on vacation at that time) with some help.

Please, could you make it that:

  • it's not possible to add the N+1 user or display a really fat warning that this will basically screw up Bitbucket for everyone in the organization?

Comments (6)

  1. Brian Nguyen

    Hi Christian,

    By design we do not prevent users from going over their limit. However, we also make sure to provide many warnings that this has occurred. This includes:

    • A yellow banner on the website for every administrator of the team.
    • An error when a user tries to push: "abort: the account owner has exceeded their user limit - write access is disabled to the repository."

    We also have a page called 'Plans and Billing' in the account admin section that allows you to see how many users have access to the account.

    Would you be able to tell us why these warnings didn't work for you?

    Cheers, Brian

  2. Christian Theune reporter

    Hey,

    thanks for getting back to us.

    @swalluhn and I went through what happened and I think we have a possible explanation why this hit us so hard.

    1. @swalluhn added a new user to a group in our team. The list is relatively long and when doing that any banner at the top of the page is invisible. Adding the user doesn't require a reload of the page so you see that your "add" worked, close the tab, and go home.

    2. The people who encountered the problem were using continuous integration tools with SSH and got "for read only requests" the above error message. However, in our setting the people who got hurt and the people able to resolve the problem were separated by a few hours.

    Can you think of something to help in this situation?

    Also, what's the reason that you do not prevent people going over their limit?
