*Update at bottom*
First off, it appears the permissions for our Bitbucket account are totally independent from Jira (and other Atlassian) permissions. If this is not true, someone please set me straight.
In Bitbucket, our company account has user groups defined by customer and we pay monthly for some of these customer users to have access to their private repositories. (Pretty basic, I think.) All of the customers' private repositories are also under customer-specific private Projects. Correctly, customers can only see and modify their repos because their company group is granted explicit access to each repository. However...
What I just learned today (and I think it's giving me hives) is that customers can see each other's private Projects when they browse at the Project level. They can't by default see the private repositories underneath the private Projects, but they have a profoundly unprofessional (on our end) awareness of our overall client base because of the Project list. Not cool.
How do I limit which Projects our customers can see? It seems that since Bitbucket considers them "members" of our organization (because we pay their monthly fee) they automatically see everything, including all private Projects. The sharing and permissions for Projects seem limited to "Private" or "Public" without any ability to revoke browsing permissions.
It seems crazy there wouldn't be a solution to this--but after a bunch of searching and trying, I'm totally perplexed. Thanks in advance!
UPDATE: Customers who are granted access by repository do not see the private Projects that I want hidden (good news!). Customers who are granted access to their repositories by Bitbucket user group do see all of the private projects. An inconvenient fix is to delete the customer user groups and manage all of the customers' access on a repo-by-repo basis. This cleans up the most egregious problem, but I would prefer the groups feature to allow better control of permissions. Am I expecting too much?
I face the same problem. I got several projects in my workspace. When I invite a freelancer to a single repository they can see all projects (although they are marked private).
This is unexpected and also a big concern with regard to information security and privacy.
Hi Ethan,
Could you give us an example of a user that can see the repositories and a user that cannot see the repositories so we can try to reproduce this issue?
If you'd prefer to share them privately, let us know and we'll create a Support ticket for you.
Best regards,
Ana
This hasn't been resolved yet? I would like to hide the projects list too.
I'll give you an example.
Company has a Bitbucket workplace called A.
In workplace A, there are projects P1-P19, with 10 repositories in each.
Then a new project starts and it's P20. Also a new user group is created for this project, call them P20Members (actually doesn't matter).
Company invites some freelancers/outsourcing members to P20Members, gives them access to create/write repositories. And it's supposed that they will work on and see project P20 only. But there is no way to assign any user groups or members to a project, only to a repository. So they can see the list of all 20 projects, create a new repository in any of them, but can't see previous repositories inside each of them (because P20Members were not given access to these 190 repositories).
Is there any way to hide projects, and give access based on project only?
Basically that's kinda a huge privacy breach, 'cause everyone with even the lowest access level can see literally every project we had/are working on.