Repository Access Token permissions

Repository Access Tokens are single-purpose, repository-based access tokens that can be created with limited scopes (or permissions). The following types of scope are available for Repository Access Tokens:

To determine which scopes (permissions) the Repository Access Token will need, look up the APIs you need in the Bitbucket Cloud Developer Documentation.

 

Repositories

Repository permissions provide access to view or modify Bitbucket Cloud repositories. Bitbucket Cloud allows the following repository permission levels:

  • Read

  • Write

  • Admin

  • Delete

Read

Equivalent to the repository API scope.

Provides access to view repositories, including the source code. This does not include pull requests.

Write

Equivalent to the repository:write API scope.

Provides access to modify repositories, including the source code. This does not include pull requests.

Admin

Equivalent to the repository:admin API scope.

Provides access to administrator access to repositories. This permission (scope) allows the user to:

  • View and manipulate committer mappings.

  • List and edit deploy keys.

  • Ability to delete the repositories.

  • View and edit repositories permissions.

  • View and edit branch permissions.

  • List and edit default reviewers.

  • List and edit repository links (such as Jira, Bamboo, and custom links).

  • List and edit the repository webhooks.

  • Initiate a repository ownership transfer.

Delete

Equivalent to the repository:delete API scope.

Provides access to delete repositories.

 

Pull requests

Pull request permissions provide access to view or modify Bitbucket Cloud pull requests. Bitbucket Cloud allows the following pull request permission levels:

  • Read

  • Write

Read

Equivalent to the pullrequest API scope.

Provides access to view and list pull requests. This permission (scope) also allows the user to create and resolve tasks.

Write

Equivalent to the pullrequest:write API scope.

Provides access to create, comment, approve, decline, and merge pull requests.

 

Webhooks

The Webhooks permission provides read and write access to existing webhooks, allowing for the creation of webhooks when combined with other permissions. For details, see: Bitbucket Cloud REST APIs — Webhooks.

Read and write

Equivalent to the webhook API scope.

Required for webhook operations. Additional API scopes may be required. For details, see: Bitbucket Cloud REST APIs — Webhooks.

 

Pipelines

Pipelines permissions provide access to view or control Bitbucket Pipelines. Bitbucket Cloud allows the following pipeline permission levels:

  • Read

  • Write

  • Edit variables

Read

Equivalent to the pipeline API scope.

Provides access to view the pipelines, steps, deployment environments, and variables.

Write

Equivalent to the pipeline:write API scope.

Provides access to stop, rerun, resume, and manually trigger pipelines.

Edit variables

Equivalent to the pipeline:variable API scope.

Provides access to create pipelines environmental variables in repositories and deployments.

 

Runners

Runners permissions provide access to view or modify Bitbucket Pipelines Runners for a repository or repositories. Bitbucket Cloud allows the following pipeline runner permission levels:

  • Read

  • Write

Read

Equivalent to the runner API scope.

Provides access to view the pipelines runners for a repository or repositories.

Write

Equivalent to the runner:write API scope.

Provides access to create, edit, disable, and delete pipelines runners for a repository or repositories.

Still need help?

The Atlassian Community is here for you.