Workspace Access Token permissions

Workspace Access Tokens are a premium feature. To learn about the Bitbucket Cloud Premium plan, visit: Bitbucket Cloud Premium.

Workspace Access Tokens are single-purpose, workspace-based access tokens that can be created with limited scopes (or permissions). The following types of scope are available for Workspace Access Tokens:

To determine which scopes (permissions) the Workspace Access Token will need, look up the APIs you need in the Bitbucket Cloud Developer Documentation.

Repositories

Repository permissions provide access to view or modify Bitbucket Cloud repositories. Bitbucket Cloud allows the following repository permission levels:

  • Read

  • Write

  • Admin

  • Delete

Read

Equivalent to the repository API scope.

Provides access to view repositories, including the source code. This does not include pull requests.

Write

Equivalent to the repository:write API scope.

Provides access to modify repositories, including the source code. This does not include pull requests.

Admin

Equivalent to the repository:admin API scope.

Provides administrator access to repositories. This permission (scope) allows the user to:

  • View and manipulate committer mappings.

  • List and edit deploy keys.

  • Delete the repositories.

  • View and edit repository permissions.

  • View and edit branch permissions.

  • List and edit default reviewers.

  • List and edit repository links (such as Jira, Bamboo, and custom links).

  • List and edit the repository webhooks.

  • Initiate a repository ownership transfer.

Delete

Equivalent to the repository:delete API scope.

Provides access to delete repositories.

 

Projects

Project permissions provide access to view or modify Bitbucket Cloud Projects. Bitbucket Cloud allows the following project permission levels:

  • Read

  • Admin

Read

Equivalent to the project API scope.

Provides access to view the project or projects and read access (repository) to the repositories in the project.

Admin

Equivalent to the project:admin API scope.

Provides administrative access to a project or projects. No distinction is made between public and private projects. This scope doesn't implicitly grant the project scope or the repository:write scope on any repositories under the project. It gives access to the admin features of a project only, not direct access to the project’s repositories. This scope provides access to:

  • create a project

  • update a project

  • delete a project
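Two points above are easy to miss when reviewing a token request: repository:admin already includes the ability to delete repositories, and project:admin grants neither the project scope nor repository:write. The following is an added example, not Atlassian code, that checks a requested scope list against what a job needs; the capability labels and the `review` helper are hypothetical, and the scope map records only what this page states.

```python
# Scope semantics transcribed from this page only; capability labels are made up.
GRANTS = {
    "repository":        {"repo.view"},
    "repository:write":  {"repo.modify"},
    "repository:admin":  {"repo.admin", "repo.delete"},  # admin list includes deleting repos
    "repository:delete": {"repo.delete"},
    "project":           {"project.view", "repo.view"},  # also reads repos in the project
    "project:admin":     {"project.create", "project.update", "project.delete"},
    "pullrequest":       {"pr.view"},
    "pullrequest:write": {"pr.modify"},
    "webhook":           {"webhook.readwrite"},
    "pipeline":          {"pipeline.view"},
    "pipeline:write":    {"pipeline.control"},
    "pipeline:variable": {"pipeline.variables"},
    "runner":            {"runner.view"},
    "runner:write":      {"runner.manage"},
    "account":           {"account.view"},
}
DESTRUCTIVE = {"repo.delete", "project.delete"}


def capabilities(scopes):
    """Union of capabilities for a scope list; unknown scopes are rejected."""
    unknown = sorted(set(scopes) - set(GRANTS))
    if unknown:
        raise ValueError(f"scopes not described on this page: {unknown}")
    return set().union(*(GRANTS[s] for s in scopes))


def review(scopes, needed):
    """Compare a token's scopes with the capabilities a job actually needs."""
    scopes, needed = set(scopes), set(needed)
    granted = capabilities(scopes)
    return {
        "missing": sorted(needed - granted),
        # scopes that contribute nothing the job needs
        "unused_scopes": sorted(s for s in scopes if not GRANTS[s] & needed),
        # scopes fully covered by the token's other scopes
        "redundant_scopes": sorted(
            s for s in scopes if GRANTS[s] <= capabilities(scopes - {s})),
        "unneeded_destructive": sorted((granted & DESTRUCTIVE) - needed),
    }


if __name__ == "__main__":
    # Constructed request: a job that reads code and updates project settings.
    print(review(["project:admin", "repository:admin"],
                 {"repo.view", "project.update"}))
```

In the constructed request, `repo.view` is reported as missing even though two admin scopes are granted, and both delete capabilities are flagged as granted but not needed.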

Pull requests

Pull request permissions provide access to view or modify Bitbucket Cloud pull requests. Bitbucket Cloud allows the following pull request permission levels:

  • Read

  • Write

Read

Equivalent to the pullrequest API scope.

Provides access to view and list pull requests. This permission (scope) also allows the user to create and resolve tasks.

Write

Equivalent to the pullrequest:write API scope.

Provides access to create, comment, approve, decline, and merge pull requests.

 

Webhooks

The Webhooks permission provides read and write access to existing webhooks, allowing for the creation of webhooks when combined with other permissions. For details, see: Bitbucket Cloud REST APIs — Webhooks.

Read and write

Equivalent to the webhook API scope.

Required for webhook operations. Additional API scopes may be required. For details, see: Bitbucket Cloud REST APIs — Webhooks.

 

Pipelines

Pipelines permissions provide access to view or control Bitbucket Pipelines. Bitbucket Cloud allows the following pipeline permission levels:

  • Read

  • Write

  • Edit variables

Read

Equivalent to the pipeline API scope.

Provides access to view the pipelines, steps, deployment environments, and variables.

Write

Equivalent to the pipeline:write API scope.

Provides access to stop, rerun, resume, and manually trigger pipelines.

Edit variables

Equivalent to the pipeline:variable API scope.

Provides access to create Pipelines environment variables in repositories and deployments.

 

Runners

Runners permissions provide access to view or modify Bitbucket Pipelines Runners for a repository or repositories. Bitbucket Cloud allows the following pipeline runner permission levels:

  • Read

  • Write

Read

Equivalent to the runner API scope.

Provides access to view the pipelines runners for a repository or repositories.

Write

Equivalent to the runner:write API scope.

Provides access to create, edit, disable, and delete pipelines runners for a repository or repositories.

Account

Account permissions provide access to view the user’s Bitbucket Cloud account or workspace details.

Read

Equivalent to the account API scope.

When used for:

  • user-related APIs — Gives read-only access to the user's account information. Note that this doesn't include any ability to change any of the data. This scope allows you to view the user's:

    • email addresses

    • language

    • location

    • website

    • full name

    • SSH keys

    • user groups

  • workspace-related APIs — Grants access to view the workspace's:

    • users

    • user permissions

    • projects
