Using branch permissions
Branch permissions allow you to control the actions users can perform on a single branch, branch type, or branch pattern within a repository. Branch permissions provide another level of security within Bitbucket Server, along with user authentication and project, repository and global permissions, that together allow you to control, or enforce, your own workflow or process.
- are based on users or groups.
- are actually restrictions, which are checked after project and repository level permissions.
- are used to limit branch access to specific people who must still have write access to the project or repository.
- prevent unauthorized users pushing to or deleting the branch.
- can be based on explicit branch names, branch pattern, or branching model.
For example, if two developers Xavier and Yves have write access to repository R, but only Xavier has branch permissions on branch B, then Yves won't be able to push to B.
If a user does not have commit access to the branch, an error message will be shown on the Git command line when they try to push a change to the branch. If no branch permissions are defined then anyone with commit access to the repository can push to any branch.
Adding branch permissions
Branch permissions in Bitbucket Server control access to repository branches. You need either permission to set or modify branch permissions., admin or sys-admin
To add branch permissions:
- Go to a repository in a project.
- Choose Settings > Branch permissions.
- Click Add permission.
- In the Branches field, select either Branch name, Branch pattern, or Branching model.
- Branch name - select an existing branch by name.
- Branch pattern - specify a branch using branch pattern syntax for matching branch names. See Branch permission patterns for more information about this syntax.
- Branching model - select the branch type to restrict access to. Read more about branching models.
- Select the type of actions you want to prevent.
- Branch deletion - prevents branch and tag deletion. See Branch permission patterns for information about specifying tags.
- Rewriting history - prevents history rewrites on the specified branch(es) - for example by a force push or rebase.
- Changes without a pull request - prevents pushing changes directly to the specified branch(es); changes are allowed only with a pull request.
- All modifications - prevents pushes to the specified branch(es) and restricts creating new branches matching the specified branch(es) or pattern.
- Optional: Add exemptions for any of the selected restrictions. Adding a user or group as an exemption means that it will not apply to them. This is not required; not adding any exemptions means the restriction will apply to everyone.
Click Create to finish.
You can always change the permissions for a branch later, if necessary.