By default, Security for Bitbucket enforces the following permissions:
Bitbucket Administrators can configure Security for Bitbucket and access the Soteri Global Dashboard.
Anyone with Repository Write permission can access the Repository-level Dashboard for that repository.
Project administrators may access the Project-level Dashboard for that project, and use the REST API to trigger scans for all repositories in that project, and fetch the results.
You may give additional users the ability to view the Global Dashboard and access Security for Bitbucket’s configuration. These users will also be able to trigger scans and view results for projects and repositories.
Even if a user is granted access to the Global Dashboard, they will only see repositories for which they have Read permissions.
Administrators may grant access as follows:
Access the settings page. The Security Settings page appears as shown.
Under “App access for additional users and groups”, add the user or group to which you would like to grant access to the global settings and reports.
The user or group will now be able to access the Global Dashboard as well as the Security for Bitbucket Settings page.
All changes to Security for Bitbucket access are recorded in the Audit Log. For more information, see Viewing Audited Events.