Bitbucket permisions: Help!

First, our environment.

• JIRA and Bitbucket servers (not Cloud)
• LDAP readonly Crowd directory for user/group

We have a complex authorization model but I started with what I thought was permissions that are about as wide open as they can be.

Every user is a member of the Participants group.

Permissions for the Participants group:

Global: Admin, Project Creator, Bitbucket User

Project: Admin, Write, Read

Repository: Admin, Write, Read

No additional Branch permissions/restrictions

Symptom: can't create a branch off Master: No error message, just nothing happens.

I'm stumped.  The documentation is hard to parse, But I've come across situations in Atlassian applications where the presence of a builtin application group was required for something to work. Is it possible there needs to be a literal "bitbucket-user" group or some other builtin group for things to work.

Short of that All I can think of is to reinstall from scratch in case it's a problem down in the bowels of the bitbucket server.

We're at version 4.4.14. nginx reverse-proxy configuration.