-
Improvement
-
Resolution: Unresolved
-
Major
-
None
It is impossible to configure an Bitbucket Server instance without supplying a personal access token with admin rights. The token is used only for automatic webhook configuration.
It should be possible to configure to skip webhook configuration here and let it be overriden during project creation and have users supply a credential to use for it.
In large organisations its rarely the case a single user has admin access to all repositories.
Hi Bas, thanks for the suggestion.
There are a few approaches we can take here. The ideal fix for this in the future is introducing proper two-way applinking between Jenkins and Bitbucket, which will remove the need for personal access tokens entirely, but this is a large feature we don't anticipate shipping soon.
A workaround for this is to add multiple Bitbucket Server configurations to your global config. Each configuration can point to the same instance, but you can use personal access tokens with, for example, project admin privileges provided that instance is only used to build jobs on that particular project. This would also work with a repo admin token, but it would only work for that repo, so if you can manage with project admin, that would be the better way to go.
I will leave this ticket open for now. If we commit to a two-way applink in the future, I'll close this as a duplicate- otherwise will leave this as a feature suggestion to appraise later. Thanks again.