Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to restrict non team member from branch pull and push

U P Dave
U P Dave
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 31, 2023

I have a Bitbucket free account, I have created a private project and a private repository within that project itself. I have created a group of users with some domains say "example.com".  Now when I try to clone this repo on my local machine with the personal email ID - "gmail.com" [which is not part of my team] even though the project and the repo are private I am still able to pull the repo, create new branch, push the changes.

How can I restrict this behavior I want only people with access provided and have an "example.com" domain to be able to access my repo.

Answer
Watch
Like Be the first to like this
515 views

1 answer

1 vote
Syahrul
Syahrul
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 1, 2023

G'day, @U P Dave 

Welcome to the community!

I want to understand how you attempted to clone using your "Gmail" account. Could you share some additional details? Typically, when cloning via HTTPS or SSH, authentication is done using your username, not your email address.

Therefore, if your username is linked to an account with access to the repository, you can clone without issues. I want to gain a clearer understanding of the process you followed. This will help me identify whether there might be any misconceptions about how permissions function in Bitbucket and assist you better.

Regards,
Syahrul

View More Comments
U P Dave
U P Dave
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 2, 2023

Hi @Syahrul ,

Greetings of the Day,

Thanks a lot for reverting to my question. Yes, I have my personal GitHub account set up with my personal Gmail address. I was working with my personal repo by creating "git config --global user.email - 'my personal gmail address'" and using manager-core as a credential helper. Cloned my personal repo using HTTPS on my local machine and accessed it with PAT created on my personal account.

Now like I said using bitbucket free plan created private Project and private repo within that project. Then I tried to create clone of the repo using HTTPS it did not ask for any credentials I could clone repo, was able to push create branch and push the branch, even though I had not given this Gmail address acccess in the bitbucket.

I hope this clears the scenario.

Like
Syahrul
Syahrul
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 2, 2023

Hi @U P Dave 

Interesting, I am leaning this toward your local machine, which has already had the credentials stored. You can use the following commands to generate verbose clone output to verify where the clone credentials were used:

GIT_TRACE_PACKET=1 GIT_TRACE=1 GIT_CURL_VERBOSE=1 <git command_here>

Look for authentication used from the verbose output. In such cases, for OSX, it's stored in the keychain and for Windows, it's using Credentials manager.

Regards,
Syahrul

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.