Explore essential concepts of access management in Bitbucket, focusing on permissions, roles, authentication, and security best practices. This quiz helps users understand how to effectively control and manage repository access while ensuring secure collaboration.
Which permission level allows a user to view, clone, and fork a repository, but not push changes or create pull requests?
Explanation: The 'Read' permission grants users the ability to view, clone, and fork repositories, without letting them push changes or create pull requests. 'Write' would allow pushing changes and interacting with pull requests. 'Admin' provides full control, including managing permissions, which is more than required here. 'Edit' is not a standard permission term in this access management system.
If you want to invite a developer to collaborate on a private repository without granting full administrative rights, which access role should you assign?
Explanation: Assigning the 'Write' access role lets the developer push changes, create branches, and manage pull requests, which covers most collaborative development tasks but does not grant admin privileges. 'Admin' or 'Owner' roles allow changing repository settings and permissions, which exceed the needs described. 'Reporter' would allow only limited, mostly non-interactive access.
A team member is leaving a project and should no longer access the repository, but you want to retain the integrity of their commit history. What is the best action to take?
Explanation: Removing repository access ensures the former team member cannot return or push changes while preserving their commits for historical accuracy. Deleting the user account could impact other projects or audit trails. Changing commit authorship removes proper attribution and can create confusion. Revoking authentication does not affect repository-specific permissions.
Which feature should be used to prevent non-admin users from pushing directly to the main branch in order to enforce code reviews?
Explanation: Branch permissions allow administrators to restrict who can push changes to specific branches, enforcing policies like mandatory code reviews on the main branch. Group assignment manages user sets but not specific branch actions. Fork syncing is for keeping forks up to date, unrelated to direct branch protection. SSH key management handles authentication, not access rules at the branch level.
What is one recommended security practice for managing user access in Bitbucket repositories?
Explanation: Role-based access control assigns appropriate permissions based on specific user responsibilities, reducing the risk of unauthorized actions. Sharing passwords decreases security and accountability, making audits difficult. Allowing anonymous public pushes removes all safeguards on repository modifications. Assigning all users administrator rights increases the risk of mistakes or security breaches.