Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How does Stash resolve effective permissions when a user in multiple groups?

Alex Jones11
Alex Jones June 2, 2015

If I have a user in multiple groups Read_Write and Read, and apply permissions at the project level How does stash resolve the effective permissions? Is it a basic union of the different permission sets, or is there some form of hierarchy/resolution order?

I skimmed through the permissions documentation in confluence, but I didn't see anything that seems to mention how this was resolved.

Answer
Watch
Like Tim Crall likes this
481 views

2 answers

1 accepted

2 votes
Answer accepted
Tim Crall1
Tim Crall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 2, 2015

Repo permissions do not override Project permissions.  Project and Repo permissions are basically additive.  You will have the highest level of permission that any of your group memberships give you, whether that group was defined at the Project or Repo level.

This plugin is useful for seeing what the overall resulting set of permisons on a repo are: https://marketplace.atlassian.com/plugins/com.orbitz.stash.plugins.permission-viewer-plugin

 

View More Comments
Anurag Prakash
Anurag Prakash
Contributor
June 2, 2015

Thank you for correcting me.

Like
Reply
0 votes
Anurag Prakash
Anurag Prakash
Contributor
June 2, 2015

There are two level permission

  1. Project Level
  2. Repository level

I think, repository level permission overrides project level permission.

You can test as below.

  1. Add group A to a repository, provide R permission.
  2. Add group B to the project, provide RW permission.
    where the user is part of both groups, A and B

Your should have R only access to the repo under test, but RW access to other repos under the same project.

 

Hope this helps.

View More Comments
Tim Crall1
Tim Crall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 2, 2015

This is incorrect. Project permissions are just applied to all repos in that project. Lacking a 'write' or 'admin' permission on a repo will not override the user's project level permissions. Also, the question was about permissions from different groups at the project level. In which case the user will end up with the highest level of permission from any of their groups.

Like
Alex Jones11
Alex Jones June 2, 2015

Thanks for the help!

Like
Tim Crall1
Tim Crall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 2, 2015

I would suggest that you actually perform the test as described, because I have, and the results were not what Anurag thinks they would be.

Like
Alex Jones11
Alex Jones June 2, 2015

I've done that one before, and agree with you. I was thanking you for your answer to his answer.

Like
Tim Crall1
Tim Crall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 2, 2015

cool, thanks, just didn't want wrong info to propogate

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events