How does Stash resolve effective permissions when a user in multiple groups?

If I have a user in multiple groups Read_Write and Read, and apply permissions at the project level How does stash resolve the effective permissions? Is it a basic union of the different permission sets, or is there some form of hierarchy/resolution order?

I skimmed through the permissions documentation in confluence, but I didn't see anything that seems to mention how this was resolved.

2 answers

1 accepted

Repo permissions do not override Project permissions.  Project and Repo permissions are basically additive.  You will have the highest level of permission that any of your group memberships give you, whether that group was defined at the Project or Repo level.

This plugin is useful for seeing what the overall resulting set of permisons on a repo are: https://marketplace.atlassian.com/plugins/com.orbitz.stash.plugins.permission-viewer-plugin

 

Thank you for correcting me.

There are two level permission

  1. Project Level
  2. Repository level

I think, repository level permission overrides project level permission.

You can test as below.

  1. Add group A to a repository, provide R permission.
  2. Add group B to the project, provide RW permission.
    where the user is part of both groups, A and B

Your should have R only access to the repo under test, but RW access to other repos under the same project.

 

Hope this helps.

This is incorrect. Project permissions are just applied to all repos in that project. Lacking a 'write' or 'admin' permission on a repo will not override the user's project level permissions. Also, the question was about permissions from different groups at the project level. In which case the user will end up with the highest level of permission from any of their groups.

Thanks for the help!

I would suggest that you actually perform the test as described, because I have, and the results were not what Anurag thinks they would be.

I've done that one before, and agree with you. I was thanking you for your answer to his answer.

cool, thanks, just didn't want wrong info to propogate

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

2,048 views 1 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you