Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Permissioning for Bitbucket manual pipelines/deployments

Daniel Whatmuff February 6, 2018

I would like to create manually triggered pipelines and add permissioning to them.

e.g. manual pipeline "deploy-to-prod" can only be triggered by users in group "Deployers".

The same thing for deployments - some users can deploy to dev/QA but only admins can deploy to prod.

1 answer

2 votes
SebC
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 6, 2018

Hey @Daniel Whatmuff,

Pipelines permissions are tightly coupled to the repository permissions to keep things simple. Anyone who can write to your repository can trigger new pipelines (much as committing to a branch triggers a pipeline.)

If more granular permissions are something you think is valuable, please add a comment and watch https://bitbucket.org/site/master/issues/13676/ability-to-restrict-who-can-run-deployment which we are using to track customer feedback.

thanks,

Seb

Jonathan McCutchan
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
February 27, 2020

@SebC 

Currently, deployments only allows deployment permissions at the admin level.  SOX compliance requires us to have the employee that merges the code and the employee that deploys the code be different.

Branch permissions allow for assignment of a group to be able to merge to a branch, but deployments can only be configured to admins.  What this results in is our deployment manager having to be an admin of the repository to be able to lock down production deployments.  The issue with this is that if our deployment manager is an admin of the repository, he also has access to merge, or at least could grant himself access to merge since he's an admin.

 

The feature request, if there isn't an alternative that you can think of, or current work-around, would be to allow deployment permissions to be assigned to a user group.

 

Let me know if you have any questions or if there's something already in place that I'm not aware.

 

Thanks

Like # people like this
Jonathan McCutchan
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
February 28, 2020
Shelly thakur
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 23, 2020

Facing the same issue. Any updates?

C.Yeow
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
September 18, 2023

Hi Atlassian team,

Any update on this?

We are facing similar issue in which we want to allow certain group of users / release manager to kick off a Prod deployment, but we do not wish to grant them admin access to the repository.

CC:@Chris Batty @Emil Breznik

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events