We have integrated Bitbucket with LDAP; all permissions are managed via LDAP groups.
For each Bitbucket project we have 2 LDAP groups:
- p123-member --> project write permission
- p123-manager --> project create repository permission
When a user of group p123-manager creates a new repository, he becomes repository admin. During creation a user-level admin permission is created automatically.
The problem is that a user can leave a project, thus s/he is not a member of project groups (p123-member, p123-manager) anymore. All this is handled by LDAP. But as s/he still has the repository admin permission assigned to his Bitbucket user, s/he can still access the repository.
Is it possible on repository creation to either:
- avoid the automatic assignment of repository admin user permission
- automatically assign a group (instead of a user) as repository admin, e.g. p123-manager.
Thanks,
Thiemo
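
An audit for the situation described in the question, as an added example that is not part of the original post: it reports user-level repository grants whose holder is no longer in either project group. The input shape (one page of a Bitbucket Server user-permissions listing), the function names and the `p123` prefix handling are assumptions, and all sample data is constructed.

```python
import json

# Constructed sample: user-level repository permissions per repository slug,
# in the assumed shape of one page from Bitbucket Server's REST endpoint
# /rest/api/1.0/projects/{key}/repos/{slug}/permissions/users.
SAMPLE_REPO_PERMISSIONS = {
    "repo-a": json.loads('{"isLastPage": true, "values": ['
                         '{"user": {"name": "alice"}, "permission": "REPO_ADMIN"},'
                         '{"user": {"name": "bob"}, "permission": "REPO_ADMIN"}]}'),
    "repo-b": json.loads('{"isLastPage": true, "values": ['
                         '{"user": {"name": "Carol"}, "permission": "REPO_ADMIN"},'
                         '{"user": {"name": "dave"}, "permission": "REPO_WRITE"}]}'),
}

# Constructed sample: current LDAP group membership (group name -> user names).
SAMPLE_LDAP_GROUPS = {
    "p123-member": {"alice", "carol", "erin"},
    "p123-manager": {"alice"},
    "p456-member": {"bob"},  # another project's group must not count
}


def project_members(ldap_groups, prefix):
    """Users in <prefix>-member or <prefix>-manager, compared case-insensitively."""
    members = set()
    for suffix in ("member", "manager"):
        members |= {u.lower() for u in ldap_groups.get(f"{prefix}-{suffix}", set())}
    return members


def stale_user_grants(repo_permissions, ldap_groups, prefix):
    """Return (slug, user, permission) for every user-level grant whose holder
    is in neither project group, i.e. access that outlived LDAP membership."""
    members = project_members(ldap_groups, prefix)
    findings = []
    for slug in sorted(repo_permissions):
        for entry in repo_permissions[slug].get("values", []):
            name = entry["user"]["name"]
            if name.lower() not in members:
                findings.append((slug, name, entry["permission"]))
    return findings


if __name__ == "__main__":
    for slug, user, perm in stale_user_grants(SAMPLE_REPO_PERMISSIONS,
                                              SAMPLE_LDAP_GROUPS, "p123"):
        print(f"{slug}: {user} holds {perm} but is in no p123 group")
```

Run on a schedule, a report like this surfaces grants that LDAP group removal alone does not revoke.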