Hi, reviving the old thread here.
What @Ana Retamal is saying here is that a regular user, not having admin rights on a repository, can freely install any random 3rd-party app to the team workspace and there is nothing we can do about it.
Installation of an app to the workspace exposes the repo content to this application and if you let users add random apps, you effectively make the rest of your access control void.
How does this play with the Atlassian security obligations?
Hi Wanderley,
It is not possible to restrict Bitbucket Cloud users from installing apps in their accounts. That is something that every admin can do, and since Bitbucket users are the admins of their own accounts, they'll have that privilege.
Let us know if you have any other questions!
Kind regards,
Ana
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It is ok to have them installed on their own accounts for their private repos, but the problem is that users are part of a team, and when they install something like "Pipelines" it is available to everyone and the tab is there always. Is it possible to remove it?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Wanderley,
If some users are installing apps and everyone can see them, that's because they must be installing them in repositories that are part of the team, and not in their private repositories.
Could you send us a screenshot where the users can see those apps?
Best regards,
Ana
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You can see the audit logs where a regular user installed "Pipelines" and it is shown in the installed apps on my account for all repos. I just want to not allow this to happen.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.