Search code examples
bitbucketbitbucket-apibitbucket-server

Is it possible to restrict the permissions to only allow REST API calls in Bitbucket Server?

I was wondering if it is possible to restrict the credentials of a user to only allow to perform REST API calls (ideally selected ones).

I would like to restrict the user created for Jenkins purposes on to be able to:

  1. trigger the build (using POST commit hook),
  2. update the build status (using Build Status API)

Thanks.

Solution

  • Short answer is - no. There are no specific permission for the REST api.

    In details:

    1. A post received hook runs after a push operation. In case of Bitbucket Server it runs also after a merge of a pull request. The documentation says:

      The authenticated user must have REPO_WRITE permission for the repository that this pull request targets to call this resource.

    So, you must give a write access to the user in order to trigger a post-receive hook

    1. According to the documentation:

    The authenticated user must have LICENSED permission or higher to call this resource.

    So you can use a user with minimal permissions