We are a very small team who have just started using Bitbucket. In fact, our core team is made of only of myself and one other person, and on occasion we have one or two more temps who might work on our Bitbucket repos.
Now, for pull requests, we can of course make sure that one person is the admin of the repo and only he can merge the PR into Master, that's fine.
But what if that admin is the one submitting the PR? Security-wise they are now able to approve and merge their own pull requests.
So is there a way to configure permissions that it can't be the same person submitting a PR that also merges it into master?
That way we'd still have a two people (four-eyes) approval and review process, AND ensure that it whoever submits the PR will have to wait for someone else to approve it before it can be merged in.
Any way to do that?
It sounds like you want something akin to Stash's merge checks, which allow you to prevent pull requests from being merged unless certain conditions are met (including a minimum number of reviewers who have approved the review). Bitbucket doesn't have this feature yet, but there's a feature request open regarding it - I'd recommend casting your vote on the issue and adding any commentary you have there.
Thanks for the quick response, but that doesn't help if there are for example only two people in a team. One of the two will have to be a repo admin, and thus is god on that repo, free to merge in their own pull requests.
What I'd like to do is make sure that that repo admin cannot approve and merge his own pull request when he submits one. But he can still merge in those from other users!
I assume that's not possible then?
Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot