Need a role with permissions to create/administer projects but not have access to site admin

jimknowlton · January 19, 2023, 8:46pm

CI system used - Bitbucket Cloud

We are trying to create a three-tiered role system where we have:

members who can execute scans
leads who can create and administer projects (including setting up code coverage, which requires access to the admin menu in the project)
owners who are basically managers/directors, who are responsible for managing users.

It seems like when I set someone up with the “lead” role (see screenshot), giving them access to everything except “administer organization”, they no longer see the “administration” menu in their project, which means they can no longer configure code coverage. which makes the “lead” role not useful.

Is there any way to make this work?

ganncamp · January 23, 2023, 7:41pm

Hi,

In your permission template you need to grant Creators permission to Administer the projects they create:

HTH,
Ann

jimknowlton · January 24, 2023, 6:55pm

Thanks…so if I also added “Administer” to my “Lead” role in the Permission templates, would it allow people with the “Lead” role to administer projects they didn’t personally create? Let’s say, you have a change of lead assignment (bob leaves the company). You’d want someone other than just the creator to be able to administer.

ganncamp · January 24, 2023, 6:58pm

Hi,

No.

You need - very specifically - to add Creator to your template. Then whoever creates the project gets the Creator permissions.

Then the creator can grant additional permissions as necessary.

HTH,
Ann

jimknowlton · January 24, 2023, 7:04pm

Ah, gotcha, I didn’t see the “Permissions” menu in the project Admin area. I get it now. Thanks.

ganncamp · January 24, 2023, 7:05pm

Hi again,

Sorry, but I just realized I answered in haste.

Yes, actually.

And that’s not what I meant (which is what my previous, hasty answer addressed).

Ann