Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to give external contract developers access to certain branches only?

mawh
mawh August 9, 2017

Let us say I have 10 repos, one is called Frobble , and I want some outsourced contractor team to work on one branch of one repo

 

i have created a group in my main account settings and set the permission as "external-contractors have NO access to this account repos"

 

then I have gone to the repo I want them to work on (Frobble) settings and given the external-contractors Group read access to that whole repo. I did this because I can't find a way to grant read access to only a single branch. It's not ideal, but..

so they can now read the branch I'm interested in them working on. I went into branch permissions for the "extdev" branch I created and hoped to give the team write access to this branch, but when I start typing the group name "external-contractors" in the box to grant write access, that group doesn't appear as a suggestion. I can add individual users from the group, and I can add some (but not all) other groups on my account..

 

what gives? How do I arrange a situation where I get what I want? Ideally, external dev group would only have readwrite to a specific branch, but if impossible, they should have read access to a whole single repo and write access to one branch within..

Answer
Watch
Like rightdroid likes this
2140 views

1 answer

0 votes
Jobin Kuruvilla [Adaptavist]
Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 9, 2017

It works the other way. Branch permissions are for restricting the rights to groups/users who already have that right in the repo.

You need to provide "write" access to both groups in the repository permission but restrict the "write" access only to the internal group on all branches except the one that is open to external group.

View More Comments
mawh
mawh August 14, 2017

Confusing! So As a setup I should have:

extern-developers GROUP (bitbucket settings) that has NO access to this account repos

a permission on the Frobble repo that grants WRITE access to the extern-developers group 

a permission on only the extdev branch of Frobble repo, giving the members of extern-developers write permissions

 

So, even though "extern-developers" have WRITE access to the entire Frobble repo, they can only write to branches theyre specifically named on? What happens if they try to commit to another branch?

And what about me, who is a member of the "internal-developers" group and also has write permissions to Frobble repo, but not named in any branch permission? Can I write to it or not? DO I need a "can write to branch pattern * " setting?

 

How does giving someone write permission to a branch, when they already have write permission to the entire repo, restrict them to writing to just that branch? Highly illogical

Like
Jobin Kuruvilla [Adaptavist]
Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 14, 2017

I think you got confused. "..but restrict the "write" access only to the internal group on all branches except the one that is open to external group."

In this case, you give write access on the repo to both extern-developers and internal-developers. But then restrict the "write" access on all branches except extdev branch to internal-developers. That way, people in internal-developers can write to all branches. People in extern-developers can only write to extdev branch. Makes sense?

Like
mawh
mawh August 21, 2017

Still confused, sorry! You wrote:

restrict the "write" access on all branches except extdev branch to internal-developers. That way, people in internal-developers can write to all branches

 

If internal-developers have had their write access on every branch (apart from extdev) taken away, how do they then have write access on every branch?

Did you mean to say:

 

restrict the "write" access on all branches except extdev branch to external-developers

 

How do I remove write access anyway? The branch permissions setup looks like it can only give permission, not take it away?

Like
Jobin Kuruvilla [Adaptavist]
Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 21, 2017

When you set a branch restriction, it is restrictive. You prevent changes, except by the the group you added.

So, it takes away permission from everyone else.

Like
mawh
mawh September 4, 2017

Suppose this were code, are you saying the logic is:

user_has_write_access_to_repoX 
AND 
(
  user_has_branch_permission_granting_write_access_to_branchX 
  OR 
  user_is_not_mentioned_in_any_branch_permission_at_all
)

 

Like
Jobin Kuruvilla [Adaptavist]
Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 4, 2017

More like this in the last OR clause:

"no_user_is_mentioned_in_the_branch_permission_at_all"

Like
mawh
mawh September 4, 2017

So the logic is more like:



user_has_access_to_the_account_repos
AND
user_has_write_access_to_repoX 
AND 
(
 user_has_branch_permission_granting_write_access_to_branchX 
 OR 
 no_branch_permissions_are_set_at_all_on_repoX
)

 (I forgot to put a clause in about the account repo access)

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events