Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Setting repo permissions using BB Cloud API 2.0

I have a few scripts that use curl to help me with repo administration.   One of the scripts helps me set repo permissions.  It used to work fine using the 1.0 privileges endpoint.  Now I need to move to 2.0 and I can't figure out how to set permissions in the 2.0 API.

Can anyone provide an example?

3 answers

1 accepted

0 votes
Answer accepted

Hello Jim,

You’re correct in that the v1 Cloud REST API did allow you to manage users and permission across Bitbucket. However, with the depreciation of the v1 REST API come April 2019, most of these permission endpoints have been removed or the verb only allowing GET. Further information about which endpoints will be deprecated along with if or what they’re replaced with may be found at Deprecation notice - Bitbucket Cloud REST API version 1 is deprecated effective 30 June 2018. Additional there is further explanation around why this deprecation is taking place, why the change is happening and what’s to come, please see Migration guide for major changes to Bitbucket Cloud REST APIs to improve user privacy

Alternatively, there is an endpoint that does offer control over Branch level permissions, though this may not be exactly what you’re looking for. You may find this endpoint at /2.0/repositories/{username}/{repo_slug}/branch-restrictions.

I hope this proves helpful and gives some insights into why this has happened along with where it will be going.

Regards,
Stephen Sifers

Stephen,

Though, not what I wanted to hear thank you for your reply.  I was hoping that I was missing something in reviewing the 2.0 APIs.

Just for the record, the script I was using to set permissions on repos was my work around to not being able to control permissions at the project level.

Thanks again,

-Jim

Like # people like this

Stephen,

This is really disappointing.  Why would you deprecate the v1 API without porting over the functionality to v2?  Also, the documentation doesn't talk about that functionality being removed or the other gaps with the v2 endpoints.  This was the only method for working around lacking native functionality in the product.  Obviously permission endpoints still exist, but are just private for the UI, can you make the public?

Can you comment on when we will have equivalent API's in v2?  Or why we won't get API's for managing permissions in v2?

Thanks,

Mark

Hello Mark,

The deprecation notice does cover the reason as to why the endpoints are removed from v1 to v2. Along with this, there is further explanation within the GDPR  changes which also impact these endpoints.

In regards to user management, the following should help to further understand how to manage users moving forward:

To comply with GDPR restrictions on personally identifiable information, and to adopt the Atlassian account, these endpoints do not have a direct replacement in the 2.0 API. Users will only be allowed to be invited by email, and they must explicitly accept the invitation before they can access private Bitbucket content.

Moving forward with the 2.0 REST API and beyond we intend to rely on the Atlassian Cloud Admin API for user and group management, but those API endpoints are not yet available.

Source documentation: Deprecation notice - Bitbucket Cloud REST API version 1 is deprecated effective 30 June 2018

and Bitbucket Cloud REST APIs are changing to improve user privacy

From this, we can see that the Organization REST API endpoints will be the path to use for user management. Further information on this REST API may be found at About the organization REST API.

I hope this information proves helpful and adds some clarity around the deprecation of user management and how to manage users moving forward.

Regards,
Stephen Sifers

Hi Stephen,

I really appreciate the response, but I don't think we are talking about the same v1 endpoints.  The Atlassian Cloud Admin API doesn't have any endpoints that would allow you to control permissions per repo in Bitbucket (as far as I can tell).  These new API's are great for generic user management of Atlassian accounts, but don't solve the issue of repository level permissions.  What is the plan to allow API access to configure repository permissions?

Use Case Example:

I have a project that contains 100 repositories.  The company decides to bring in a new set of contractors to work on this project.  We don't want to give access to all the repositories in our account so we would like to create a group and then grant read/write access for the group to each repository in that project.  I don't need to automate the group creation or the users in the group, but need to automate granting read/write permissions for that group to each repository.  Without API access managing permissions for large environments becomes very difficult.

Thanks,

Mark

Like # people like this

 

 

...how does GDPR restrictions forbid BitBucket from programmatic access to modifying access to a repository?

An update on when the ability to grant a user or usergroup access to a given repo would be very helpful.

Warm regards,

Neil.

Like Saket Kumar likes this

As an update to this, I've added support to my PowerShell module for managing groups on repos and we use it for update our permissions across large sets of repos in a project.  You can check it out here: https://github.com/beyondcomputing-org/Atlassian.Bitbucket

I was exactly looking for this and have run into this post. How is granting programmatic access to an API run foul with GDPR?

 

It is just painful to manage the permissions for a large number of repositories on a user/group basis when there is no API to do that.

 

I know that workspaces is being developed probably to address this but it is not there yet.

While it's not completely intuitive, there is a way to manage repo permissions via the API: https://support.atlassian.com/bitbucket-cloud/docs/group-privileges-endpoint/

This is one of the few 1.0 endpoints that is still available.

simply make a call like this:

PUT https://api.bitbucket.org/1.0/group-privileges/{workspace_id}/{repo_slug}/{group_owner}/{group_slug} --data "{privilege}"

it would be nice if the existing 2.0 documentation pointed to this a little more obviously.

Yes, you can create groups and add the groups to a repo , assigning it a certain role.
Unfortunately it's not enough in cases where you need to add/remove individual users.

@swjensen @Alex Altuhov : It seems you two might have been thru the API posted above to add group with permission to a repo already?  Can someone please provide some hints as me how to figure out what the "group_owner" is and how to retrieve it? 

For example, looking at the "Workspace settings -->Assess Management -->User group"  I am seeing all the groups in my current workspace but as a click on an existing group, I don't see such info about how the group_owner is or how it can be set.

Thanks,

H

@hao the group owner is just the team again.  IE group-privileges/$Team/$RepoSlug/$Team/$GroupSlug.  

-Mark

Like Hao La likes this

Thank you @mark-studer !  That did it.

H

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

Calling any interview participants for Bitbucket Data Center

Hi everyone,  We are looking to learn more about development teams’ workflows and pain points, especially around DevOps, integrations, administration, scale, security, and the related challeng...

451 views 4 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you