Get started with Bitbucket Cloud
New to Bitbucket Cloud? Check out our get started guides for new users.
App passwords are single purpose, user-based access tokens which can be created with limited permissions (or scope). The following types of permissions are available for App passwords:
Account permissions provide access to view or modify the user’s Bitbucket Cloud account. Bitbucket Cloud allows the following account permission levels:
Read
Write
Equivalent to the email API scope.
Provides access to view the user's primary email address.
Equivalent to the account API scope.
Provides access to view all of the user’s account information, including (but not limited to):
full name
email addresses
location
user groups
SSH keys
website
language
Equivalent to the account:write API scope.
Provides access to manage the user’s account information, including access to delete the user’s account.
Workspace membership permissions provide access to view or modify the user’s Bitbucket Cloud Workspaces. Bitbucket Cloud allows the following workspace membership permission levels:
Read
Write
Equivalent to the team API scope.
Provides access to view the workspaces where the user is a member.
Equivalent to the team:write API scope.
Provides access to manage all workspaces where the user is an administrator.
Project permissions provide access to view or modify the user’s Bitbucket Cloud Projects. Bitbucket Cloud allows the following project permission levels:
Read
Write
Admin
Equivalent to the project API scope.
Provides access to view the projects the user has access to view. Read access (repository) to all the repositories in the projects is also granted.
Equivalent to the project:write API scope.
This scope is deprecated, and has been made obsolete by project:admin. Please see the deprecation notice here.
Equivalent to the project:admin API scope.
Provides administrative access to a project or projects. No distinction is made between public and private projects. This scope doesn't implicitly grant the project scope or the repository:write scope on any repositories under the project. It gives access to the admin features of a project only, not direct access to the project’s repositories. This scope provides access to:
create a project
update a project
delete a project
Repository permissions provide access to view or modify the user’s Bitbucket Cloud repositories. Bitbucket Cloud allows the following repository permission levels:
Read
Write
Admin
Delete
Equivalent to the repository API scope.
Provides access to view all the repositories the user has access to view, including the source code, Issues, and Wiki. This does not include pull requests.
Equivalent to the repository:write API scope.
Provides access to modify all the repositories the user has access to change, including the source code, Issues, and Wiki. This does not include pull requests.
Equivalent to the repository:admin API scope.
Provides access to administrator access to all repositories the user has administrator access for. This permission (scope) allows the user to:
View and manipulate committer mappings.
List and edit deploy keys.
Ability to delete the repositories.
View and edit repositories permissions.
View and edit branch permissions.
Import and export the issue tracker.
Enable and disable the issue tracker.
List and edit issue tracker version, milestones, and components.
Enable and disable the wiki.
List and edit default reviewers.
List and edit repository links (such as Jira, Bamboo, and custom links).
List and edit the repository webhooks.
Initiate a repository ownership transfer.
Equivalent to the repository:delete API scope.
Provides access to delete repositories where the user is an administrator.
Pull request permissions provide access to view or modify Bitbucket Cloud pull requests accessible by the user. Bitbucket Cloud allows the following pull request permission levels:
Read
Write
Equivalent to the pullrequest API scope.
Provides access to view and list pull requests on the repositories the user has access to view. This permission (scope) also allows the user to create and resolve tasks.
Equivalent to the pullrequest:write API scope.
Provides access to create, comment, approve, decline, and merge pull requests the user has access to modify.
Issues permissions provide access to view or modify Bitbucket Cloud repository issues accessible by the user. Bitbucket Cloud allows the following issue permission levels:
Read
Write
Equivalent to the issue API scope.
Provides access to view, list, search, create, comment, watch, and vote for issues on repositories the user has access to view.
Equivalent to the issue:write API scope.
Provides access to transition and delete issues the user has access to modify.
The Wikis permission provides access to view or modify Bitbucket Cloud Wikis that are accessible by the user.
Equivalent to the wiki API scope.
Provides access to create, edit, and view wiki pages; including cloning and pushing to the wiki repositories the user has access to modify.
Snippets permissions provide access to view or modify Bitbucket Cloud code snippets in Workspaces that are accessible by the user. Bitbucket Cloud allows the following snippet permission levels:
Read
Write
Equivalent to the snippet API scope.
Provides access to view and comment on any Snippets the user has access to view.
Equivalent to the snippet:write API scope.
Provides access to create, edit, and delete any Snippets the user has access to modify.
The Webhooks permission provides access to view all existing webhooks that are accessible to the user, and provides write access for creating webhooks when combined with other permissions. For details, see: Bitbucket Cloud REST APIs — Webhooks.
Equivalent to the webhook API scope.
Required for webhook operations. Additional API scopes may be required. For details, see: Bitbucket Cloud REST APIs — Webhooks.
Pipelines permissions provide access to view or control Bitbucket Pipelines for repositories that are accessible by the user. Bitbucket Cloud allows the following pipeline permission levels:
Read
Write
Edit variables
Equivalent to the pipeline API scope.
Provides access to view the pipelines, steps, deployment environments, and variables the user has access to view.
Equivalent to the pipeline:write API scope.
Provides access to stop, rerun, resume, and manually trigger pipelines the user has access to control.
Equivalent to the pipeline:variable API scope.
Provides access to create pipelines environmental variables in workspaces, repositories, and deployments where the user can create environmental variables.
Runners permissions provide access to view or modify Bitbucket Pipelines Runners for a Workspace and its repositories. Bitbucket Cloud allows the following pipeline runner permission levels:
Read
Write
Equivalent to the runner API scope.
Provides access to view the pipelines runners for a Workspace and its repositories.
Equivalent to the runner:write API scope.
Provides access to create, edit, disable, and delete pipelines runners for a Workspace and its repositories.
Was this helpful?