Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
Level
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Permissioning for Bitbucket manual pipelines/deployments

I would like to create manually triggered pipelines and add permissioning to them.

e.g. manual pipeline "deploy-to-prod" can only be triggered by users in group "Deployers".

The same thing for deployments - some users can deploy to dev/QA but only admins can deploy to prod.

1 answer

2 votes
SebC Atlassian Team Feb 06, 2018

Hey @Daniel Whatmuff,

Pipelines permissions are tightly coupled to the repository permissions to keep things simple. Anyone who can write to your repository can trigger new pipelines (much as committing to a branch triggers a pipeline.)

If more granular permissions are something you think is valuable, please add a comment and watch https://bitbucket.org/site/master/issues/13676/ability-to-restrict-who-can-run-deployment which we are using to track customer feedback.

thanks,

Seb

@SebC 

Currently, deployments only allows deployment permissions at the admin level.  SOX compliance requires us to have the employee that merges the code and the employee that deploys the code be different.

Branch permissions allow for assignment of a group to be able to merge to a branch, but deployments can only be configured to admins.  What this results in is our deployment manager having to be an admin of the repository to be able to lock down production deployments.  The issue with this is that if our deployment manager is an admin of the repository, he also has access to merge, or at least could grant himself access to merge since he's an admin.

 

The feature request, if there isn't an alternative that you can think of, or current work-around, would be to allow deployment permissions to be assigned to a user group.

 

Let me know if you have any questions or if there's something already in place that I'm not aware.

 

Thanks

Facing the same issue. Any updates?

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

Calling any interview participants for Bitbucket Data Center

Hi everyone,  We are looking to learn more about development teams’ workflows and pain points, especially around DevOps, integrations, administration, scale, security, and the related challeng...

503 views 6 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you