Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 19:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Setting repo permissions using BB Cloud API 2.0

jimkane
jimkane March 21, 2019

I have a few scripts that use curl to help me with repo administration.   One of the scripts helps me set repo permissions.  It used to work fine using the 1.0 privileges endpoint.  Now I need to move to 2.0 and I can't figure out how to set permissions in the 2.0 API.

Can anyone provide an example?

Answer
Watch
Like Be the first to like this
3314 views

3 answers

1 accepted

0 votes
Answer accepted
Stephen Sifers
Stephen Sifers
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 25, 2019

Hello Jim,

You’re correct in that the v1 Cloud REST API did allow you to manage users and permission across Bitbucket. However, with the depreciation of the v1 REST API come April 2019, most of these permission endpoints have been removed or the verb only allowing GET. Further information about which endpoints will be deprecated along with if or what they’re replaced with may be found at Deprecation notice - Bitbucket Cloud REST API version 1 is deprecated effective 30 June 2018. Additional there is further explanation around why this deprecation is taking place, why the change is happening and what’s to come, please see Migration guide for major changes to Bitbucket Cloud REST APIs to improve user privacy

Alternatively, there is an endpoint that does offer control over Branch level permissions, though this may not be exactly what you’re looking for. You may find this endpoint at /2.0/repositories/{username}/{repo_slug}/branch-restrictions.

I hope this proves helpful and gives some insights into why this has happened along with where it will be going.

Regards,
Stephen Sifers

View More Comments
jimkane
jimkane March 25, 2019

Stephen,

Though, not what I wanted to hear thank you for your reply.  I was hoping that I was missing something in reviewing the 2.0 APIs.

Just for the record, the script I was using to set permissions on repos was my work around to not being able to control permissions at the project level.

Thanks again,

-Jim

Like # people like this
Reply
0 votes
swjensen
swjensen September 8, 2020

While it's not completely intuitive, there is a way to manage repo permissions via the API: https://support.atlassian.com/bitbucket-cloud/docs/group-privileges-endpoint/

This is one of the few 1.0 endpoints that is still available.

simply make a call like this:

PUT https://api.bitbucket.org/1.0/group-privileges/{workspace_id}/{repo_slug}/{group_owner}/{group_slug} --data "{privilege}"

it would be nice if the existing 2.0 documentation pointed to this a little more obviously.

View More Comments
Alex Altuhov
Alex Altuhov
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 20, 2020

Yes, you can create groups and add the groups to a repo , assigning it a certain role.
Unfortunately it's not enough in cases where you need to add/remove individual users.

Like
Hao La
Hao La March 2, 2021

@swjensen @Alex Altuhov : It seems you two might have been thru the API posted above to add group with permission to a repo already?  Can someone please provide some hints as me how to figure out what the "group_owner" is and how to retrieve it? 

For example, looking at the "Workspace settings -->Assess Management -->User group"  I am seeing all the groups in my current workspace but as a click on an existing group, I don't see such info about how the group_owner is or how it can be set.

Thanks,

H

Like
mark-studer
mark-studer
Contributor
March 3, 2021

@hao the group owner is just the team again.  IE group-privileges/$Team/$RepoSlug/$Team/$GroupSlug.  

-Mark

Like Hao La likes this
Hao La
Hao La March 3, 2021

Thank you @mark-studer !  That did it.

H

Like
Reply
0 votes
mark-studer
mark-studer
Contributor
July 14, 2019

Stephen,

This is really disappointing.  Why would you deprecate the v1 API without porting over the functionality to v2?  Also, the documentation doesn't talk about that functionality being removed or the other gaps with the v2 endpoints.  This was the only method for working around lacking native functionality in the product.  Obviously permission endpoints still exist, but are just private for the UI, can you make the public?

Can you comment on when we will have equivalent API's in v2?  Or why we won't get API's for managing permissions in v2?

Thanks,

Mark

View More Comments
Stephen Sifers
Stephen Sifers
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 15, 2019

Hello Mark,

The deprecation notice does cover the reason as to why the endpoints are removed from v1 to v2. Along with this, there is further explanation within the GDPR  changes which also impact these endpoints.

In regards to user management, the following should help to further understand how to manage users moving forward:

To comply with GDPR restrictions on personally identifiable information, and to adopt the Atlassian account, these endpoints do not have a direct replacement in the 2.0 API. Users will only be allowed to be invited by email, and they must explicitly accept the invitation before they can access private Bitbucket content.

Moving forward with the 2.0 REST API and beyond we intend to rely on the Atlassian Cloud Admin API for user and group management, but those API endpoints are not yet available.

Source documentation: Deprecation notice - Bitbucket Cloud REST API version 1 is deprecated effective 30 June 2018

and Bitbucket Cloud REST APIs are changing to improve user privacy

From this, we can see that the Organization REST API endpoints will be the path to use for user management. Further information on this REST API may be found at About the organization REST API.

I hope this information proves helpful and adds some clarity around the deprecation of user management and how to manage users moving forward.

Regards,
Stephen Sifers

Like
mark-studer
mark-studer
Contributor
July 29, 2019

Hi Stephen,

I really appreciate the response, but I don't think we are talking about the same v1 endpoints.  The Atlassian Cloud Admin API doesn't have any endpoints that would allow you to control permissions per repo in Bitbucket (as far as I can tell).  These new API's are great for generic user management of Atlassian accounts, but don't solve the issue of repository level permissions.  What is the plan to allow API access to configure repository permissions?

Use Case Example:

I have a project that contains 100 repositories.  The company decides to bring in a new set of contractors to work on this project.  We don't want to give access to all the repositories in our account so we would like to create a group and then grant read/write access for the group to each repository in that project.  I don't need to automate the group creation or the users in the group, but need to automate granting read/write permissions for that group to each repository.  Without API access managing permissions for large environments becomes very difficult.

Thanks,

Mark

Like # people like this
Somepotato_NA
Somepotato_NA December 23, 2019

 

 

...how does GDPR restrictions forbid BitBucket from programmatic access to modifying access to a repository?

Like
nbarnwell
nbarnwell April 7, 2020

An update on when the ability to grant a user or usergroup access to a given repo would be very helpful.

Warm regards,

Neil.

Like Saket Kumar likes this
mark-studer
mark-studer
Contributor
June 11, 2020

As an update to this, I've added support to my PowerShell module for managing groups on repos and we use it for update our permissions across large sets of repos in a project.  You can check it out here: https://github.com/beyondcomputing-org/Atlassian.Bitbucket

Like
Saket Kumar
Saket Kumar
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 18, 2020

I was exactly looking for this and have run into this post. How is granting programmatic access to an API run foul with GDPR?

 

It is just painful to manage the permissions for a large number of repositories on a user/group basis when there is no API to do that.

 

I know that workspaces is being developed probably to address this but it is not there yet.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events