# Required permissions

## Account <a href="#account" id="account"></a>

When logging into your **Bitbucket** account, the app requests the following permissions:

* [x] **Account Information** (read and modify your personal account details).
* [x] **Administer Repositories** (full administrative control over your repositories).
* [x] **Authorize workspace** (grants access to your workspace for authentication).
* [x] **Delete Repositories** (permanently delete repositories).
* [x] **Issues** (read and update issues in your repositories).
* [x] **Manage runners** (access and edit your workspace/repository runners).
* [x] **Pipelines** (access build pipelines and configure their variables).
* [x] **Project Settings** (read and update workspace project settings, including repository transfers).
* [x] **Repositories & Pull Requests** (read, update, and manage repositories and pull requests).
* [x] **Snippets** (read and modify code snippets).
* [x] **Team Membership** (read and update team membership details).
* [x] **Webhooks** (read and update repository webhooks).
* [x] **Wikis** (read and update repository wikis).

***

## Token and password <a href="#tokenpassword" id="tokenpassword"></a>

The following permissions are the minimum required to register the **GitProtect** application in your **Bitbucket** account and access your repositories:

* [x] **Account** — **read**
* [x] **Repositories** — **read** and **admin**

You can generate an app password by navigating to the **App passwords** tab in your **Bitbucket** account settings.

{% hint style="danger" %}
With minimal privileges, some metadata (e.g., issues) may not be included in the backup. Select the necessary permissions based on the data you need to protect—keep in mind that if you grant only **read** permissions, backups will work, but restoring data will require generating a new token or password with **write** permissions.
{% endhint %}

***

## Application password

Application passwords can be configured with specific permission levels. The following list details the permissions required to back up repository metadata within your organization:

* [x] **Account** — **read** permission required to assign an organization to **GitProtect**.
* [x] **Issues** — **read** permission required to back up issues inside the repository.
* [x] **Pipelines** — **read** permission required to back up pipelines, pipeline schedules, known hosts, and pipeline settings.
* [x] **Projects** — **read** permission required to record which project a repository belongs to.
* [x] **Pull Requests** — **read** permission required to back up pull requests inside the repository.
* [x] **Repositories** — **read** and **admin** permissions required to access repositories and perform backups.
* [x] **Wikis** — **read** permission required to back up repository wikis.

{% hint style="danger" %}
Granting only read permissions allows backups to be performed; however, restoring data will require generating a new application password with write permissions.
{% endhint %}

***

## Useful links and items

{% embed url="<https://support.atlassian.com/bitbucket-cloud/docs/api-tokens>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://helpcenter.gitprotect.io/backup-and-recovery/devops/bitbucket/integration/required-permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.