By default, Security for Bitbucket enforces the following permissions:

  1. Bitbucket Administrators can configure Security for Bitbucket and access the global Security Scan Report.

  2. Anyone with Repository Write permission can access the Repository-level Dashboard for that repository.

  3. Project administrators may access the Project-level Dashboard for that project, and use the REST API to trigger scans for all repositories in that project, and fetch the results.

You may give additional users the ability to view the Security Scan Report and access Security for Bitbucket’s configuration. These users will also be able to trigger scans and view results for projects and repositories.

Even if a user is granted access to the global Security Scan Report, they will only see repositories for which they have Read permissions.

Administrators may grant access as follows:

  1. Go to to Administration → Add-Ons → Security for Bitbucket Settings page.
    The Security for Bitbucket Settings page appears as shown.

    The app access setting in the Security for Bitbucket settings.

  2. Under “App access for additional users and groups”, add the user or group to which you would like to grant access to the global settings and reports.

  3. The user or group will now be able to access the reports page as well as the Security for Bitbucket Settings page.