Using APIs to manage user access to repositories

Nalin M April 14, 2022

Hi,

We wanted to reduce our interaction with Bitbucket UI and also setup a process to generate audit reports to better understand which users have access to which repositories and at what level of permissions.

I have been able to identify APIs that allow me to get the information needed to generate the audit reports, but I was unable to find any API that would allow us to give a specific user read/write/admin access to a repository.

Asking here just in case I missed something. 

Thanks!

2 answers

0 votes
Karthick S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 14, 2022

Hello @Nalin M

Thanks for the update and for providing more context. You may use the Invitation endpoint API  to add the user directly to the repository. The user will receive an invitation mail and they need to accept it. 

Sample CURL call:

curl -u  username:AppPassword --request POST https://api.bitbucket.org/1.0/invitations/workspace_ID/repo_slug --data permission=write --data email="emailID"

I hope this helps.

Kind regards,
Karthick S

Nalin M April 15, 2022

Thanks for getting back with another solution @Karthick S . 

This solution only works partially. I am trying to manage all aspects of user access via APIs. I can only invite a user to join a repository via this API endpoint, but I can not:

  • Change the level of access, i.e. promote it from read to write or demote it from admin to read only etc.
  • Revoke access completely to a repository for a user directly given access to the repository (not via groups).

 

I understand these operations are possible on groups, but not on individual users. We'll basically like to be able to do CRUD on an individual user's permissions to repositories.

End goal is to manage user and group permissions via configuration stored outside of Bitbucket and using that configuration with Bitbucket APIs to manage user and team access to various repositories. We have many teams and no one to manage the day to day requests to grant/revoke repository access.

0 votes
Karthick S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 14, 2022

Hello @Nalin M

Thank you for reaching out to Atlassian Community. 

Currently, you may use group endpoint API to modify the permissions of a group. For example, the below CURL call would update the permissions for a given group.

curl --request PUT --user "username:Apppassword" --header "Content-Type: application/json" https://api.bitbucket.org/1.0/groups/WORKSPACE_ID/GROUP_SLUG --data '{"name":"group_slug","permission":"read","auto_add":true}'

I hope this helps.

Kind regards,
Karthick S

Nalin M April 14, 2022

Thanks for the reply Karthick, but unfortunately, that doesnt help.

Question above is about giving permissions to a "specific" user, not a group. Apologies if it wasn't clear.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events