How to track project permissions

Summary

This is a simple example of using the runFromProjectList and getProjectPermissionList actions together to get a list of all Stash project permissions. This can be used to more easily track and administer all project permissions across Stash. For more complex environment, you may want to automate this and commit the resulting csv file into a repository for tracking or audit purposes. The data can also be easily published to Confluence using the Run CLI Actions in Confluence to provide some self service problem determination for users having permission problems.

Steps

  1. Start with a simple getProjectList action to see all the projects in Stash
  2. Pick one of the projects and run getProjectPermissionList with project set to the project
  3. Combine the getProjectPermissionList with the runFromProjectList action
  4. Output the results to a file using append

Example

Get list of all repositories in Stash
stash --action runFromProjectList --common "--action getProjectPermissionList --project @project@ --file permission-list.csv --append"
Example output
"Project","Group","User","Permission"
"EXPERIMENT","","automation","PROJECT_ADMIN"
"ZCLI","","automation","PROJECT_ADMIN"
"ZSCLIP","","automation","PROJECT_ADMIN"
"ZSTASHCLI","group1","","PROJECT_WRITE"
"ZSTASHCLI","","automation","PROJECT_ADMIN"
"ZSTASHCLI","","user1","PROJECT_ADMIN"
"ZSTASHCLI","","user2","PROJECT_READ"
"ZSTASHCLI","","user3","PROJECT_READ"
"ZSTASHCLI2","","automation","PROJECT_ADMIN"

Confluence page