Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Permissioning for Bitbucket manual pipelines/deployments

Daniel Whatmuff
Daniel Whatmuff
Contributor
February 6, 2018

I would like to create manually triggered pipelines and add permissioning to them.

e.g. manual pipeline "deploy-to-prod" can only be triggered by users in group "Deployers".

The same thing for deployments - some users can deploy to dev/QA but only admins can deploy to prod.

Answer
Watch
Like Alexander Fedra likes this
2997 views

1 answer

2 votes
SebC
SebC
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 6, 2018

Hey @Daniel Whatmuff,

Pipelines permissions are tightly coupled to the repository permissions to keep things simple. Anyone who can write to your repository can trigger new pipelines (much as committing to a branch triggers a pipeline.)

If more granular permissions are something you think is valuable, please add a comment and watch https://bitbucket.org/site/master/issues/13676/ability-to-restrict-who-can-run-deployment which we are using to track customer feedback.

thanks,

Seb

View More Comments
Jonathan McCutchan
Jonathan McCutchan
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
February 27, 2020

@SebC 

Currently, deployments only allows deployment permissions at the admin level.  SOX compliance requires us to have the employee that merges the code and the employee that deploys the code be different.

Branch permissions allow for assignment of a group to be able to merge to a branch, but deployments can only be configured to admins.  What this results in is our deployment manager having to be an admin of the repository to be able to lock down production deployments.  The issue with this is that if our deployment manager is an admin of the repository, he also has access to merge, or at least could grant himself access to merge since he's an admin.

 

The feature request, if there isn't an alternative that you can think of, or current work-around, would be to allow deployment permissions to be assigned to a user group.

 

Let me know if you have any questions or if there's something already in place that I'm not aware.

 

Thanks

Like # people like this
Jonathan McCutchan
Jonathan McCutchan
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
February 28, 2020

@Philip Hodder 

Like
Shelly thakur
Shelly thakur
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 23, 2020

Facing the same issue. Any updates?

Like
C.Yeow
C.Yeow
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
September 18, 2023

Hi Atlassian team,

Any update on this?

We are facing similar issue in which we want to allow certain group of users / release manager to kick off a Prod deployment, but we do not wish to grant them admin access to the repository.

CC:@Chris Batty @Emil Breznik

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events