Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is there a way to prevent users to add any developer to their fork?

Serdar Yuksel
Serdar Yuksel November 1, 2017

We use LDAP for authentication and use a separate LDAP group for each repository access. 

For example there is repoA repository and  "repo_a" LDAP group. If a user belongs to that group then he can access repoA.

Assume that user X belongs to repo_a and user Y don't. If user X fork repoA (we want to work with forking workflow), then he can add user Y to his fork. Since his fork also is repoA, we don't want user Y to access repoA because user Y is not in repo_a group.

Is there a way to prevent users to add any developer to their fork? 

Answer
Watch
Like Be the first to like this
375 views

1 answer

0 votes
Ana Retamal
Ana Retamal
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 4, 2018

Hi Serdar, there's no way to restrict that. Once you allow someone to fork a repo, this is a new repository and they control who they can invite. He can decide to inherit the permissions from the original repo, but there is no way to enforce that. 

You can disable the forking option, though, if you don't want your developers to create forks at all. 

Hope that helps!

Ana

View More Comments
Serdar Yuksel
Serdar Yuksel January 4, 2018

Hi Ana,

Thanks for the answer. Yes we learned as you say from Atlassian support. They also suggested a solution:

Pertaining your question as to whether you can setup Forking permissions in a way that would enforce only users under a certain LDAP group to have access to forked repositories we can confirm that it is not possible.Forked repositories behave as separate repositories, with their own permissions setup.
What you can do instead is delegate Bitbucket Admins that would have permissions to setup the Repositotires and their Forks, enforcing whichever permission sets you require, however that would strip away permissions to the other users for forking, leaving them with access to work on the repositories and forks.

The solution did not seem very useful to us. Then we decided to allow users to fork repos, but in the mean time we implemented an auditing mechanism. We watch Bitbucket audit logs and report conflicts with LDAP rules. 

Like
Ana Retamal
Ana Retamal
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 4, 2018

Glad that you found a way to make it work, and thanks for sharing with the Community!

Have a good day :)

Ana

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events