Product information "Permission Lockdown for Bitbucket Server"
This plugins disables the Public access and Default permission settings for project and repository administrators. It will also reject any attempts to change these settings through the REST or Plugin API.
Global and system administrators continue to have access to these settings.
By enforcing any permission configuration to be expressed in terms of explicit users or groups, the plugin can help preventing accidental policy violations.
Related links to "Permission Lockdown for Bitbucket Server"