Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

App password permissions vs direct project and repository permissions

Steve Taunton
Steve Taunton
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
February 5, 2025

How do the permissions assigned to app passwords work with the permissions placed directly on projects and repositories?  Which takes precedence? I can't find any document that discusses this.

Example

I (as a workspace admin) assign a user Clone access directly to a single repository

The end user creates an app password so they can use git.  When they create the app password, they give themselves read, write, admin and delete permissions to repositories.

What are the end user's effective permissions on repositories using git?  Clone only as I assigned on that one repository or do they have  read, write, admin and delete permissions to the repository as they specified in the app password permissions. I'm almost positive it's Clone only to that one repository but had to ask.

App passwords are a new concept to me so forgive the newbie question.

Answer
Watch
Like Be the first to like this
163 views

1 answer

0 votes
Phil C
Phil C
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 6, 2025

Hi Steve,

Welcome to the community!

Great question! The permissions a user has when using an app password are still limited by the access granted to them at the repository or project level.

In your example:

  • You (as a workspace admin) assign the user clone access (read) to a specific repository.
  • The user creates an app password and selects the permissions (read, write, admin, delete) for that specific app password.

Even though they granted all repository-related permissions in their app password, their actual access is limited to clone (read) for that specific repository. The app password does not override the repository-level permissions set by the admin. It only provides an authentication mechanism based on the permissions the user already has.

So, in this case, the user’s effective permissions using Git would be clone only for that repository.

I hope this helps. Let me know if you need further clarification!

Cheers,

- Phil C.

View More Comments
Steve Taunton
Steve Taunton
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
February 7, 2025

Perfect.  thank you!

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.