Support for Server products ends Feb. 15, 2024. Learn what this means for you.

Server

Bitbucket Data Center / / Modules

Permission Management

Operations

GET

Get groups

Retrieve a page of groups.

The authenticated user must have LICENSED_USER permission or higher to call this resource.

Request

Query parameters

filter

string

start

number

limit

number

Responses

A page of groups.

application/json

object

GET/api/latest/admin/groups

curl

Node.js

Java

Python

PHP

1
2
3

curl --request GET \
  --url 'http://{baseurl}/rest/api/latest/admin/groups' \
  --header 'Accept: application/json'

200Response

{
  "values": [
    {
      "name": "group-a",
      "deletable": true
    }
  ],
  "size": 1,
  "limit": 25,
  "start": 2154,
  "isLastPage": true,
  "nextPageStart": 2154
}

POST

Create group

Create a new group.

The authenticated user must have ADMIN permission or higher to call this resource.

Request

Query parameters

name

string

Required

Responses

The newly created group.

application/json

RestDetailedGroup

POST/api/latest/admin/groups

curl

Node.js

Java

Python

PHP

1
2
3

curl --request POST \
  --url 'http://{baseurl}/rest/api/latest/admin/groups?name={name}' \
  --header 'Accept: application/json'

200Response

{
  "name": "group-a",
  "deletable": true
}

DEL

Remove group

Deletes the specified group, removing them from the system. This also removes any permissions that may have been granted to the group.

A user may not delete the last group that is granting them administrative permissions, or a group with greater permissions than themselves.

The authenticated user must have the ADMIN permission to call this resource.

Request

Query parameters

name

string

Required

Responses

The deleted group.

application/json

RestDetailedGroup

DEL/api/latest/admin/groups

curl

Node.js

Java

Python

PHP

1
2
3

curl --request DELETE \
  --url 'http://{baseurl}/rest/api/latest/admin/groups?name={name}' \
  --header 'Accept: application/json'

200Response

{
  "name": "group-a",
  "deletable": true
}

POST

Add multiple users to group

Add multiple users to a group.

The authenticated user must have the ADMIN permission to call this resource.

Request

Request bodyapplication/json

group

string

users

array<string>

Required

Responses

All the users were added to the group

application/json

any

POST/api/latest/admin/groups/add-users

curl

Node.js

Java

Python

PHP

curl --request POST \
  --url 'http://{baseurl}/rest/api/latest/admin/groups/add-users' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
  "group": "group",
  "users": [
    "user1",
    "user2"
  ]
}'

GET

Get group members

Retrieves a list of users that are members of a specified group.

The authenticated user must have the LICENSED_USER permission to call this resource.

Request

Query parameters

filter

string

context

string

Required

start

number

limit

number

Responses

A page of users.

application/json

object

GET/api/latest/admin/groups/more-members

curl

Node.js

Java

Python

PHP

1
2
3

curl --request GET \
  --url 'http://{baseurl}/rest/api/latest/admin/groups/more-members?context={context}' \
  --header 'Accept: application/json'

200Response

{
  "values": [
    {
      "lastAuthenticationTimestamp": 1368145580548,
      "deletable": true,
      "mutableDetails": true,
      "directoryName": "Bitbucket Internal Directory",
      "mutableGroups": true,
      "name": "jcitizen",
      "id": 101,
      "type": "NORMAL",
      "displayName": "Jane Citizen",
      "slug": "jcitizen",
      "active": true,
      "emailAddress": "jane@example.com"
    }
  ],
  "size": 1,
  "limit": 25,
  "start": 2154,
  "isLastPage": true,
  "nextPageStart": 2154
}

GET

Get members not in group

Retrieves a list of users that are not members of a specified group.

The authenticated user must have the LICENSED_USER permission to call this resource.

Request

Query parameters

filter

string

context

string

Required

start

number

limit

number

Responses

A page of users.

application/json

object

GET/api/latest/admin/groups/more-non-members

curl

Node.js

Java

Python

PHP

1
2
3

curl --request GET \
  --url 'http://{baseurl}/rest/api/latest/admin/groups/more-non-members?context={context}' \
  --header 'Accept: application/json'

200Response

{
  "values": [
    {
      "lastAuthenticationTimestamp": 1368145580548,
      "deletable": true,
      "mutableDetails": true,
      "directoryName": "Bitbucket Internal Directory",
      "mutableGroups": true,
      "name": "jcitizen",
      "id": 101,
      "type": "NORMAL",
      "displayName": "Jane Citizen",
      "slug": "jcitizen",
      "active": true,
      "emailAddress": "jane@example.com"
    }
  ],
  "size": 1,
  "limit": 25,
  "start": 2154,
  "isLastPage": true,
  "nextPageStart": 2154
}

GET

Get groups with a global permission

Retrieve a page of groups that have been granted at least one global permission.

The authenticated user must have ADMIN permission or higher to call this resource.

Request

Query parameters

filter

string

start

number

limit

number

Responses

A page of groups and their highest global permissions.

application/json

object

GET/api/latest/admin/permissions/groups

curl

Node.js

Java

Python

PHP

1
2
3

curl --request GET \
  --url 'http://{baseurl}/rest/api/latest/admin/permissions/groups' \
  --header 'Accept: application/json'

200Response

{
  "values": [
    {
      "permission": "ADMIN",
      "group": {
        "name": "group_a"
      }
    }
  ],
  "size": 1,
  "limit": 25,
  "start": 2154,
  "isLastPage": true,
  "nextPageStart": 2154
}

PUT

Update global permission for group

Promote or demote a group's global permission level. Available global permissions are:

LICENSED_USER
PROJECT_CREATE
ADMIN
SYS_ADMIN

See the Bitbucket Server documentation for a detailed explanation of what each permission entails.

The authenticated user must have:

ADMIN permission or higher; and
the permission they are attempting to grant or higher; and
greater or equal permissions than the current permission level of the group (a user may not demote the permission level of a group with higher permissions than them)

to call this resource. In addition, a user may not demote a group's permission level if their own permission level would be reduced as a result.

Request

Query parameters

name

array<string>

Required

permission

string

Required

Responses

The specified permission was granted to the specified user.

PUT/api/latest/admin/permissions/groups

curl

Node.js

Java

Python

PHP

1
2

curl --request PUT \
  --url 'http://{baseurl}/rest/api/latest/admin/permissions/groups?name={name}&permission={permission}'

DEL

Revoke all global permissions for group

Revoke all global permissions for a group.

The authenticated user must have:

ADMIN permission or higher; and
greater or equal permissions than the current permission level of the group (a user may not demote the permission level of a group with higher permissions than them)

to call this resource. In addition, a user may not revoke a group's permissions if their own permission level would be reduced as a result.

Request

Query parameters

name

string

Required

Responses

All global permissions were revoked from the group.

DEL/api/latest/admin/permissions/groups

curl

Node.js

Java

Python

PHP

1
2

curl --request DELETE \
  --url 'http://{baseurl}/rest/api/latest/admin/permissions/groups?name={name}'

GET

Get groups with no global permission

Retrieve a page of groups that have no granted global permissions.

The authenticated user must have ADMIN permission or higher to call this resource.

Request

Query parameters

filter

string

start

number

limit

number

Responses

A page of groups that have not been granted any global permissions.

application/json

object

GET/api/latest/admin/permissions/groups/none

curl

Node.js

Java

Python

PHP

1
2
3

curl --request GET \
  --url 'http://{baseurl}/rest/api/latest/admin/permissions/groups/none' \
  --header 'Accept: application/json'

200Response

{
  "values": [
    {
      "name": "group-a",
      "deletable": true
    }
  ],
  "size": 1,
  "limit": 25,
  "start": 2154,
  "isLastPage": true,
  "nextPageStart": 2154
}

GET

Get users with a global permission

Retrieve a page of users that have been granted at least one global permission.

The authenticated user must have ADMIN permission or higher to call this resource.

Request

Query parameters

filter

string

start

number

limit

number

Responses

A page of users and their highest global permissions.

application/json

object

GET/api/latest/admin/permissions/users

curl

Node.js

Java

Python

PHP

1
2
3

curl --request GET \
  --url 'http://{baseurl}/rest/api/latest/admin/permissions/users' \
  --header 'Accept: application/json'

200Response

{
  "values": [
    {
      "permission": "ADMIN",
      "group": {
        "name": "group_a"
      }
    }
  ],
  "size": 1,
  "limit": 25,
  "start": 2154,
  "isLastPage": true,
  "nextPageStart": 2154
}

PUT

Update global permission for user

Promote or demote the global permission level of a user. Available global permissions are:

LICENSED_USER
PROJECT_CREATE
ADMIN
SYS_ADMIN

See the Bitbucket Server documentation for a detailed explanation of what each permission entails.

The authenticated user must have:

ADMIN permission or higher; and
the permission they are attempting to grant; and
greater or equal permissions than the current permission level of the user (a user may not demote the permission level of a user with higher permissions than them)

to call this resource. In addition, a user may not demote their own permission level.

Request

Query parameters

name

array<string>

Required

permission

string

Required

Responses

The requested permission was granted.

PUT/api/latest/admin/permissions/users

curl

Node.js

Java

Python

PHP

1
2

curl --request PUT \
  --url 'http://{baseurl}/rest/api/latest/admin/permissions/users?name={name}&permission={permission}'

DEL

Revoke all global permissions for user

Revoke all global permissions for a user.

The authenticated user must have:

ADMIN permission or higher; and
greater or equal permissions than the current permission level of the user (a user may not demote the permission level of a user with higher permissions than them)

to call this resource. In addition, a user may not demote their own permission level.

Request

Query parameters

name

string

Required

Responses

All global permissions were revoked from the user.

DEL/api/latest/admin/permissions/users

curl

Node.js

Java

Python

PHP

1
2

curl --request DELETE \
  --url 'http://{baseurl}/rest/api/latest/admin/permissions/users?name={name}'

GET

Get users with no global permission

Retrieve a page of users that have no granted global permissions.

The authenticated user must have ADMIN permission or higher to call this resource.

Request

Query parameters

filter

string

start

number

limit

number

Responses

A page of users that have not been granted any global permissions.

application/json

object

GET/api/latest/admin/permissions/users/none

curl

Node.js

Java

Python

PHP

1
2
3

curl --request GET \
  --url 'http://{baseurl}/rest/api/latest/admin/permissions/users/none' \
  --header 'Accept: application/json'

200Response

{
  "values": [
    {
      "name": "jcitizen",
      "id": 101,
      "type": "NORMAL",
      "displayName": "Jane Citizen",
      "slug": "jcitizen",
      "active": true,
      "emailAddress": "jane@example.com"
    }
  ],
  "size": 1,
  "limit": 25,
  "start": 2154,
  "isLastPage": true,
  "nextPageStart": 2154
}

GET

Get users

Retrieve a page of users.

The authenticated user must have the LICENSED_USER permission to call this resource.

Request

Query parameters

filter

string

start

number

limit

number

Responses

A page of users.

application/json

object

GET/api/latest/admin/users

curl

Node.js

Java

Python

PHP

1
2
3

curl --request GET \
  --url 'http://{baseurl}/rest/api/latest/admin/users' \
  --header 'Accept: application/json'

200Response

{
  "values": [
    {
      "lastAuthenticationTimestamp": 1368145580548,
      "deletable": true,
      "mutableDetails": true,
      "directoryName": "Bitbucket Internal Directory",
      "mutableGroups": true,
      "name": "jcitizen",
      "id": 101,
      "type": "NORMAL",
      "displayName": "Jane Citizen",
      "slug": "jcitizen",
      "active": true,
      "emailAddress": "jane@example.com"
    }
  ],
  "size": 1,
  "limit": 25,
  "start": 2154,
  "isLastPage": true,
  "nextPageStart": 2154
}

PUT

Update user details

Update a user's details.

The authenticated user must have the ADMIN permission to call this resource.

Request

Request bodyapplication/json

displayName

string

email

string

name

string

Responses

The updated user.

application/json

RestDetailedUser

PUT/api/latest/admin/users

curl

Node.js

Java

Python

PHP

curl --request PUT \
  --url 'http://{baseurl}/rest/api/latest/admin/users' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
  "displayName": "Jane Citizen",
  "email": "jane@example.com",
  "name": "jcitizen"
}'

200Response

{
  "lastAuthenticationTimestamp": 1368145580548,
  "deletable": true,
  "mutableDetails": true,
  "directoryName": "Bitbucket Internal Directory",
  "mutableGroups": true,
  "name": "jcitizen",
  "id": 101,
  "type": "NORMAL",
  "displayName": "Jane Citizen",
  "slug": "jcitizen",
  "active": true,
  "emailAddress": "jane@example.com"
}

POST

Create user

Creates a new user from the assembled query parameters.

The default group can be used to control initial permissions for new users, such as granting users the ability to login or providing read access to certain projects or repositories. If the user is not added to the default group, they may not be able to login after their account is created until explicit permissions are configured.

The authenticated user must have the ADMIN permission to call this resource.

Request

Query parameters

emailAddress

string

Required

password

string

addToDefaultGroup

boolean

displayName

string

Required

name

string

Required

notify

boolean

Responses

The user was successfully created.

POST/api/latest/admin/users

curl

Node.js

Java

Python

PHP

1
2

curl --request POST \
  --url 'http://{baseurl}/rest/api/latest/admin/users?emailAddress={emailAddress}&displayName={displayName}&name={name}'

DEL

Remove user

Deletes the specified user, removing them from the system. This also removes any permissions that may have been granted to the user.

A user may not delete themselves, and a user with ADMIN permissions may not delete a user with SYS_ADMINpermissions.

The authenticated user must have the ADMIN permission to call this resource.

Request

Query parameters

name

string

Required

Responses

The deleted user.

application/json

RestDetailedUser

DEL/api/latest/admin/users

curl

Node.js

Java

Python

PHP

1
2
3

curl --request DELETE \
  --url 'http://{baseurl}/rest/api/latest/admin/users?name={name}' \
  --header 'Accept: application/json'

200Response

{
  "lastAuthenticationTimestamp": 1368145580548,
  "deletable": true,
  "mutableDetails": true,
  "directoryName": "Bitbucket Internal Directory",
  "mutableGroups": true,
  "name": "jcitizen",
  "id": 101,
  "type": "NORMAL",
  "displayName": "Jane Citizen",
  "slug": "jcitizen",
  "active": true,
  "emailAddress": "jane@example.com"
}

POST

Add user to groups

Add a user to one or more groups.

The authenticated user must have the ADMIN permission to call this resource.

Request

Request bodyapplication/json

groups

array<string>

Required

user

string

Responses

The user was added to all the groups

application/json

any

POST/api/latest/admin/users/add-groups

curl

Node.js

Java

Python

PHP

curl --request POST \
  --url 'http://{baseurl}/rest/api/latest/admin/users/add-groups' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
  "groups": [
    "group_a",
    "group_b"
  ],
  "user": "user"
}'

DEL

Clear CAPTCHA for user

Clears any CAPTCHA challenge that may constrain the user with the supplied username when they authenticate. Additionally any counter or metric that contributed towards the user being issued the CAPTCHA challenge (for instance too many consecutive failed logins) will also be reset.

The authenticated user must have the ADMIN permission to call this resource, and may not clear the CAPTCHA of a user with greater permissions than themselves.

Request

Query parameters

name

string

Required

Responses

The CAPTCHA was successfully cleared.

DEL/api/latest/admin/users/captcha

curl

Node.js

Java

Python

PHP

1
2

curl --request DELETE \
  --url 'http://{baseurl}/rest/api/latest/admin/users/captcha?name={name}'

PUT

Set password for user

Update a user's password.

The authenticated user must have the ADMIN permission to call this resource, and may not update the password of a user with greater permissions than themselves.

Request

Request bodyapplication/json

name

string

password

string

passwordConfirm

string

Responses

The user's password was successfully updated.

PUT/api/latest/admin/users/credentials

curl

Node.js

Java

Python

PHP

curl --request PUT \
  --url 'http://{baseurl}/rest/api/latest/admin/users/credentials' \
  --header 'Content-Type: application/json' \
  --data '{
  "name": "jcitizen",
  "password": "my-secret-password",
  "passwordConfirm": "my-secret-password"
}'

GET

Check user removal

Validate if a user can be erased.

A username is only valid for erasure if it exists as the username of a deleted user. This endpoint will return an appropriate error response if the supplied username is invalid for erasure.

This endpoint does not perform the actual user erasure, and will not modify the application in any way.

The authenticated user must have the ADMIN permission to call this resource.

Request

Query parameters

name

string

Required

Responses

the user is erasable

GET/api/latest/admin/users/erasure

curl

Node.js

Java

Python

PHP

1
2

curl --request GET \
  --url 'http://{baseurl}/rest/api/latest/admin/users/erasure?name={name}'

POST

Erase user information

Erases personally identifying user data for a deleted user.

References in the application to the original username will be either removed or updated to a new non-identifying username. Refer to the support guide for details about what data is and isn't erased.

User erasure can only be performed on a deleted user. If the user has not been deleted first then this endpoint will return a bad request and no erasure will be performed.

Erasing user data is irreversible and may lead to a degraded user experience. This method should not be used as part of a standard user deletion and cleanup process.

Plugins can participate in user erasure by defining a <user-erasure-handler> module. If one or more plugin modules fail, an error summary of the failing modules is returned.

The authenticated user must have the ADMIN permission to call this resource.

Request

Query parameters

name

string

Required

Responses

The identifier of the erased user.

application/json

RestErasedUser

POST/api/latest/admin/users/erasure

curl

Node.js

Java

Python

PHP

1
2
3

curl --request POST \
  --url 'http://{baseurl}/rest/api/latest/admin/users/erasure?name={name}' \
  --header 'Accept: application/json'

200Response

1
2
3

{
  "newIdentifier": "user-123ab"
}

GET

Get groups for user

Retrieves a list of users that are not members of a specified group.

The authenticated user must have the LICENSED_USER permission to call this resource.

Request

Query parameters

filter

string

context

string

Required

start

number

limit

number

Responses

A page of users.

application/json

object

GET/api/latest/admin/users/more-members

curl

Node.js

Java

Python

PHP

1
2
3

curl --request GET \
  --url 'http://{baseurl}/rest/api/latest/admin/users/more-members?context={context}' \
  --header 'Accept: application/json'

200Response

{
  "values": [
    {
      "lastAuthenticationTimestamp": 1368145580548,
      "deletable": true,
      "mutableDetails": true,
      "directoryName": "Bitbucket Internal Directory",
      "mutableGroups": true,
      "name": "jcitizen",
      "id": 101,
      "type": "NORMAL",
      "displayName": "Jane Citizen",
      "slug": "jcitizen",
      "active": true,
      "emailAddress": "jane@example.com"
    }
  ],
  "size": 1,
  "limit": 25,
  "start": 2154,
  "isLastPage": true,
  "nextPageStart": 2154
}

GET

Find other groups for user

Retrieves a list of groups the specified user is not a member of.

The authenticated user must have the LICENSED_USER permission to call this resource.

Request

Query parameters

filter

string

context

string

Required

start

number

limit

number

Responses

A page of groups.

application/json

object

GET/api/latest/admin/users/more-non-members

curl

Node.js

Java

Python

PHP

1
2
3

curl --request GET \
  --url 'http://{baseurl}/rest/api/latest/admin/users/more-non-members?context={context}' \
  --header 'Accept: application/json'

200Response

{
  "values": [
    {
      "name": "group-a",
      "deletable": true
    }
  ],
  "size": 1,
  "limit": 25,
  "start": 2154,
  "isLastPage": true,
  "nextPageStart": 2154
}

POST

Remove user from group

Remove a user from a group. This is very similar to groups/remove-user, but with the context and itemName attributes of the supplied request entity reversed. On the face of it this may appear redundant, but it facilitates a specific UI component in the application.

In the request entity, the context attribute is the user and the itemName is the group.

The authenticated user must have the ADMIN permission to call this resource.

Request

Request bodyapplication/json

context

string

itemName

string

Responses

The user was removed from the group.

application/json

any

POST/api/latest/admin/users/remove-group

curl

Node.js

Java

Python

PHP

curl --request POST \
  --url 'http://{baseurl}/rest/api/latest/admin/users/remove-group' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
  "context": "user_a",
  "itemName": "group_a"
}'

POST

Rename user

Rename a user.

The authenticated user must have the ADMIN permission to call this resource.

Request

Request bodyapplication/json

name

string

newName

string

Responses

The renamed user.

application/json

RestDetailedUser

POST/api/latest/admin/users/rename

curl

Node.js

Java

Python

PHP

curl --request POST \
  --url 'http://{baseurl}/rest/api/latest/admin/users/rename' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
  "name": "jcitizen",
  "newName": "jcitizen-new"
}'

200Response

{
  "lastAuthenticationTimestamp": 1368145580548,
  "deletable": true,
  "mutableDetails": true,
  "directoryName": "Bitbucket Internal Directory",
  "mutableGroups": true,
  "name": "jcitizen",
  "id": 101,
  "type": "NORMAL",
  "displayName": "Jane Citizen",
  "slug": "jcitizen",
  "active": true,
  "emailAddress": "jane@example.com"
}

GET

Get group names

Retrieve a page of group names.

The authenticated user must have LICENSED_USER permission or higher to call this resource.

Request

Query parameters

filter

string

start

number

limit

number

Responses

A page of group names.

application/json

object

GET/api/latest/groups

curl

Node.js

Java

Python

PHP

1
2
3

curl --request GET \
  --url 'http://{baseurl}/rest/api/latest/groups' \
  --header 'Accept: application/json'

200Response

{
  "values": [
    "<string>"
  ],
  "size": 1,
  "limit": 25,
  "start": 2154,
  "isLastPage": true,
  "nextPageStart": 2154
}

DEL

Revoke all repository permissions for users and groups

Revoke all permissions for the specified repository for the given groups and users.

The authenticated user must have PROJECT_ADMIN permission for the specified repository or a higher global permission to call this resource.

In addition, a user may not revoke a group's permission if their own permission would be revoked as a result, nor may they revoke their own permission unless they have a global permission that already implies that permission.

Request

Path parameters

projectKey

string

Required

repositorySlug

string

Required

Query parameters

user

string

group

string

Responses

All repository permissions were revoked from the users and groups for the specified repository.

DEL/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions

curl

Node.js

Java

Python

PHP

1
2

curl --request DELETE \
  --url 'http://{baseurl}/rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions'

GET

Get groups with permission to repository

Retrieve a page of groups that have been granted at least one permission for the specified repository.

The authenticated user must have REPO_ADMIN permission for the specified repository or a higher project or global permission to call this resource.

Request

Path parameters

projectKey

string

Required

repositorySlug

string

Required

Query parameters

filter

string

start

number

limit

number

Responses

A page of groups and their highest permissions for the specified repository.

application/json

object

GET/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/groups

curl

Node.js

Java

Python

PHP

1
2
3

curl --request GET \
  --url 'http://{baseurl}/rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/groups' \
  --header 'Accept: application/json'

200Response

{
  "values": [
    {
      "permission": "ADMIN",
      "group": {
        "name": "group_a"
      }
    }
  ],
  "size": 1,
  "limit": 25,
  "start": 2154,
  "isLastPage": true,
  "nextPageStart": 2154
}

PUT

Update group repository permission

Promote or demote a group's permission level for the specified repository. Available repository permissions are:

REPO_READ
REPO_WRITE
REPO_ADMIN

See the Bitbucket Server documentation for a detailed explanation of what each permission entails.

The authenticated user must have REPO_ADMIN permission for the specified repository or a higher project or global permission to call this resource. In addition, a user may not demote a group's permission level if their own permission level would be reduced as a result.

Request

Path parameters

projectKey

string

Required

repositorySlug

string

Required

Query parameters

name

array<string>

Required

permission

string

Required

Responses

The requested permission was granted.

PUT/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/groups

curl

Node.js

Java

Python

PHP

1
2

curl --request PUT \
  --url 'http://{baseurl}/rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/groups?name={name}&permission={permission}'

DEL

Revoke group repository permission

Revoke all permissions for the specified repository for a group.

The authenticated user must have REPO_ADMIN permission for the specified repository or a higher project or global permission to call this resource.

In addition, a user may not revoke a group's permissions if it will reduce their own permission level.

Request

Path parameters

projectKey

string

Required

repositorySlug

string

Required

Query parameters

name

string

Required

Responses

All repository permissions were revoked from the group for the specified repository.

DEL/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/groups

curl

Node.js

Java

Python

PHP

1
2

curl --request DELETE \
  --url 'http://{baseurl}/rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/groups?name={name}'

GET

Get groups without repository permission

Retrieve a page of groups that have no granted permissions for the specified repository.

The authenticated user must have REPO_ADMIN permission for the specified repository or a higher project or global permission to call this resource.

Request

Path parameters

projectKey

string

Required

repositorySlug

string

Required

Query parameters

filter

string

start

number

limit

number

Responses

A page of groups that have not been granted any permissions for the specified repository.

application/json

object

GET/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/groups/none

curl

Node.js

Java

Python

PHP

1
2
3

curl --request GET \
  --url 'http://{baseurl}/rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/groups/none' \
  --header 'Accept: application/json'

200Response

{
  "values": [
    {
      "name": "group-a",
      "deletable": true
    }
  ],
  "size": 1,
  "limit": 25,
  "start": 2154,
  "isLastPage": true,
  "nextPageStart": 2154
}

GET

Search repository permissions

Search direct and implied permissions of users and groups. This endpoint returns a superset of the results returned by the /users and /groups endpoints because it allows filtering by project and global permissions too.

The authenticated user must have REPO_ADMIN permission for the specified repository or a higher project/global permission to call this resource.

Request

Path parameters

projectKey

string

Required

repositorySlug

string

Required

Query parameters

permission

string

filterText

string

type

string

Responses

default response

application/json;charset=UTF-8

any

GET/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/search

curl

Node.js

Java

Python

PHP

1
2

curl --request GET \
  --url 'http://{baseurl}/rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/search'

GET

Get users with permission to repository

Retrieve a page of users that have been granted at least one permission for the specified repository.

The authenticated user must have REPO_ADMIN permission for the specified repository or a higher project or global permission to call this resource.

Request

Path parameters

projectKey

string

Required

repositorySlug

string

Required

Query parameters

filter

string

start

number

limit

number

Responses

A page of users and their highest permissions for the specified repository.

application/json

object

GET/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/users

curl

Node.js

Java

Python

PHP

1
2
3

curl --request GET \
  --url 'http://{baseurl}/rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/users' \
  --header 'Accept: application/json'

200Response

{
  "values": [
    {
      "permission": "USER_ADMIN",
      "user": {
        "name": "jcitizen",
        "id": 101,
        "type": "NORMAL",
        "displayName": "Jane Citizen",
        "slug": "jcitizen",
        "active": true,
        "emailAddress": "jane@example.com"
      }
    }
  ],
  "size": 1,
  "limit": 25,
  "start": 2154,
  "isLastPage": true,
  "nextPageStart": 2154
}

PUT

Update user repository permission

Promote or demote a user's permission level for the specified repository. Available repository permissions are:

REPO_READ

See the Bitbucket Server documentation for a detailed explanation of what each permission entails.

The authenticated user must have REPO_ADMIN permission for the specified repository or a higher project or global permission to call this resource. In addition, a user may not reduce their own permission level unless they have a project or global permission that already implies that permission.

Request

Path parameters

projectKey

string

Required

repositorySlug

string

Required

Query parameters

name

array<string>

Required

permission

string

Required

Responses

The requested permission was granted.

PUT/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/users

curl

Node.js

Java

Python

PHP

1
2

curl --request PUT \
  --url 'http://{baseurl}/rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/users?name={name}&permission={permission}'

DEL

Revoke user repository permission

Revoke all permissions for the specified repository for a user.

The authenticated user must have REPO_ADMIN permission for the specified repository or a higher project or global permission to call this resource.

In addition, a user may not revoke their own repository permissions if they do not have a higher project or global permission.

Request

Path parameters

projectKey

string

Required

repositorySlug

string

Required

Query parameters

name

string

Required

Responses

All repository permissions were revoked from the user for the specified repository.

DEL/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/users

curl

Node.js

Java

Python

PHP

1
2

curl --request DELETE \
  --url 'http://{baseurl}/rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/users?name={name}'

GET

Get users without repository permission

Retrieve a page of licensed users that have no granted permissions for the specified repository.

The authenticated user must have REPO_ADMIN permission for the specified repository or a higher project or global permission to call this resource.

Request

Path parameters

projectKey

string

Required

repositorySlug

string

Required

Query parameters

filter

string

start

number

limit

number

Responses

A page of users that have not been granted any permissions for the specified repository.

application/json

object

GET/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/users/none

curl

Node.js

Java

Python

PHP

1
2
3

curl --request GET \
  --url 'http://{baseurl}/rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/users/none' \
  --header 'Accept: application/json'

200Response

{
  "values": [
    {
      "name": "jcitizen",
      "id": 101,
      "type": "NORMAL",
      "displayName": "Jane Citizen",
      "slug": "jcitizen",
      "active": true,
      "emailAddress": "jane@example.com"
    }
  ],
  "size": 1,
  "limit": 25,
  "start": 2154,
  "isLastPage": true,
  "nextPageStart": 2154
}