# Required permissions

## Account <a href="#account" id="account"></a>

When logging into your **Bitbucket** account, the app requests the following permissions:

* [x] **Account Information** (read and modify your personal account details).
* [x] **Administer Repositories** (full administrative control over your repositories).
* [x] **Authorize workspace** (grants access to your workspace for authentication).
* [x] **Delete Repositories** (permanently delete repositories).
* [x] **Issues** (read and update issues in your repositories).
* [x] **Manage runners** (access and edit your workspace/repository runners).
* [x] **Pipelines** (access build pipelines and configure their variables).
* [x] **Project Settings** (read and update workspace project settings, including repository transfers).
* [x] **Repositories & Pull Requests** (read, update, and manage repositories and pull requests).
* [x] **Snippets** (read and modify code snippets).
* [x] **Team Membership** (read and update team membership details).
* [x] **Webhooks** (read and update repository webhooks).
* [x] **Wikis** (read and update repository wikis).

***

## Token and password <a href="#tokenpassword" id="tokenpassword"></a>

The following permissions are the minimum required to register the **GitProtect** application in your **Bitbucket** account and access your repositories:

* [x] **Account** — **read**
* [x] **Repositories** — **read** and **admin**

You can generate an app password by navigating to the **App passwords** tab in your **Bitbucket** account settings.

{% hint style="danger" %}
With minimal privileges, some metadata (e.g., issues) may not be included in the backup. Select the necessary permissions based on the data you need to protect—keep in mind that if you grant only **read** permissions, backups will work, but restoring data will require generating a new token or password with **write** permissions.
{% endhint %}

***

## Application password

Application passwords can be configured with specific permission levels. The following list details the permissions required to back up repository metadata within your organization:

* [x] **Account** — **read** permission required to assign an organization to **GitProtect**.
* [x] **Issues** — **read** permission required to back up issues inside the repository.
* [x] **Pipelines** — **read** permission required to back up pipelines, pipeline schedules, known hosts, and pipeline settings.
* [x] **Projects** — **read** permission required to record which project a repository belongs to.
* [x] **Pull Requests** — **read** permission required to back up pull requests inside the repository.
* [x] **Repositories** — **read** and **admin** permissions required to access repositories and perform backups.
* [x] **Wikis** — **read** permission required to back up repository wikis.

{% hint style="danger" %}
Granting only read permissions allows backups to be performed; however, restoring data will require generating a new application password with write permissions.
{% endhint %}

***

## Useful links and items

{% embed url="<https://support.atlassian.com/bitbucket-cloud/docs/api-tokens>" %}