Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,560,115
Community Members
 
Community Events
185
Community Groups

Can a person with Read only access to private repository copy and download the repository?

Vesh g
Vesh g Aug 06, 2017

I want to give someone access to my private repository to just review the code and see it but not copy/download the code.

What access level should I grant?

Can read only access prevent downloading/copying repository?

Answer
Watch
Like # people like this
34490 views

3 answers

1 accepted

6 votes
Answer accepted
Jeremy M
Jeremy M
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
Aug 07, 2017 • edited

Dear Vesh,

The following permission levels and its consequences exist within Bitbucket repositories;

Screenshot from 2017-08-07 09-03-07.png

So, regarding to your question.. yes, people can clone/fork/pull the repository to their local system.

Here a link to the documentation.

Friendly Regards,

Jeremy Mooiman

View More Comments
Vesh g
Vesh g Aug 07, 2017

And does cloning/forking means actual download of the repository to the user's computer/laptop or taking the code away from bitbucket?

Like
Vesh g
Vesh g Aug 07, 2017

What type of access do I grant for person to jest review the code but not download it to their system?

Like # people like this
Jeremy M
Jeremy M
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
Aug 07, 2017 • edited

Dear Vesh,

Yes, a user will be able to ''clone'' the repository and thus download a repository to his/her local machine and read the files.

Cloning a repository fork or branch

When you want to work on a project by updating its files or adding new files, you need to make a local clone of the remote Bitbucket repository onto your machine or local network. You do this using the Clone button from the Bitbucket repository. If you forked a repository, you simply clone the fork. If you branched a repository, you clone the repository and checkout the branch.

Friendly Regards,

Jeremy Mooiman

Like
Jeremy M
Jeremy M
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
Aug 07, 2017 • edited

To follow up on your question that I missed during writing my answer; The three permissions;

  • Admin, Write and Read

Will all allow for code to be cloned and thus downloaded to an individual his/her system.

Your request for a user to only review code is practically the same, because some one could still copy code.

Friendly Regards,

Jeremy Mooiman

Like
Christian Glockner
Christian Glockner
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Aug 07, 2017

Jeremy hits the nail on the head: If a user can read code (even without cloning the repo), there is nothing preventing them from using copy & paste to get hold of the entirety of the code after all.

Cheers,

Christian

Premier Support Engineer

Atlassian

Like
Chris Wall
Chris Wall Aug 09, 2018

I understand both sides of this argument. 

Sure, a user would technically be able to copy the code if they could read it - but in reality, that would be extremely laborious process, given that most projects occupy numerous files in complex directory structures.

It agree that it would be nice to be able to give a user (a prospective employer, for example) access to your code in order to assess your skill level, without making it easy for them to clone all of your existing projects.

Like # people like this
Tony Wible
Tony Wible Sep 07, 2018

As an owner I would agree that having an option for just a review would be great as there are certain times where you need to share some code but want to be certain a clone is not performed.  Having a way to do this would certainly be something I would pay for. 

Like # people like this
Philippe Chaudun
Philippe Chaudun Jun 07, 2019

I fully agree with this, I've exactly the same request/concern.

Chris Wall is right, even it's technically possible, in reality it's will take hours to copy each of the source code compare to just download the entire repo.

As Tony Wible said, Having a way to do this would certainly be something I would pay for. 

Like # people like this
Yevgeny Simkin
Yevgeny Simkin Dec 11, 2019

I fully endorse this feature as well. Also, the code doesn't have to be selectable, making copy/paste a nightmare (because you'd have to dig through the HTML source to extract it) or the user would have to take screencaps and re-type it. 

Effectively this would reduce the prospect of someone "making off" with the code a non-starter. 

Who needs to be fellated to get this feature improvement on the roadmap? 

Like Julien Saab likes this
mjenkins65
mjenkins65 Sep 23, 2021

I don't see the benefit in this kind of feature. "Review" and "clone" are essentially the same given that a simple script could walk through and "review" the entire source tree and copy all of the source.

Like
Reply
0 votes
Ritesh Prajapati
Ritesh Prajapati Mar 20, 2022

Hello Team,

 

Does anyone get solution to give access of view code but to prevent clone or download code? We have also same requirements for the same.

We have already tried few other tools but didn't get any success it yet as per requirements.

Let me know if anyone has do it into free or premium account which will be helpful for us.

 

Regards,

Ritesh Prajapati 

Reply
0 votes
Franky Aguilar
Franky Aguilar Jan 30, 2019 • edited

That privilege is for those who have a premium account, I found this...

https://confluence.atlassian.com/bitbucket/control-access-to-your-private-content-862621261.html

Requiring two-step verification

You can require that the users with access to private content are only able to see the content if they've enabled two-step verification. If they haven't enabled two-step verification, users with access will see a message that prompts them to enable it. In addition to being unable to see this content, users won't be able to clone, push, or pull a private repository either.

View More Comments
Douglas McCabe
Douglas McCabe Aug 22, 2019

I believe 2-step verification does not help achieve the result I (and others above) are looking to achieve.  We want a user to be able to view the code, but not to clone / copy / duplicate / print it.  Password-protected Adobe Acrobat files, and some websites, provide exactly this capability. 

Like Philippe Chaudun likes this
Philippe Chaudun
Philippe Chaudun Aug 22, 2019

I agree, we are already using 2 steps authentication, that doesn't fix the issue, that just allows to protect access to you BitBucket Cloud not to manage permission for people that have access.

Like # people like this
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

See all events