Branch permissions allow you to control the actions users can perform on a single branch, branch type, or branch pattern within a repository. Branch permissions provide another level of security within Stash, along with user authentication and project, repository and global permissions, that together allow you to control, or enforce, your own workflow or process.
Branch permissions:
- are based on users or groups.
- are actually restrictions, which are checked after project and repository level permissions.
- are used to limit branch access to specific people who must still have write access to the project or repository.
- prevent unauthorised users pushing to or deleting the branch.
- can be based on explicit branch names, branch pattern, or branching model.
For example, if two developers Xavier and Yves have write access to repository R, but only Xavier has branch permissions on branch B, then Yves won't be able to push to B.
If a user does not have commit access to the branch, an error message will be shown on the Git command line when they try to push a change to the branch. If no branch permissions are defined then anyone with commit access to the repository can push to any branch.
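The evaluation order described above can be modelled in a few lines. This is an added example, not Stash's own code: the function and class names are hypothetical, glob matching via `fnmatch` stands in for the branch pattern syntax (which this page does not define), and requiring every matching restriction to admit the user is an assumption.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase


@dataclass
class Restriction:
    """One branch permission: a branch matcher plus who may still push."""
    pattern: str  # explicit branch name or glob (glob syntax is an assumption)
    users: set = field(default_factory=set)
    groups: set = field(default_factory=set)

    def matches(self, branch):
        return fnmatchcase(branch, self.pattern)

    def allows(self, user, user_groups):
        return user in self.users or bool(self.groups & user_groups)


def can_push(user, user_groups, branch, repo_writers, restrictions):
    """Return (allowed, reason) following the order described on this page."""
    # 1. Project/repository permissions are checked first.
    if user not in repo_writers:
        return False, "no write access to repository"
    # 2. Branch permissions are restrictions applied afterwards.
    matching = [r for r in restrictions if r.matches(branch)]
    if not matching:
        return True, "no branch permission defined"
    # Assumption: every restriction covering the branch must admit the user.
    for r in matching:
        if not r.allows(user, user_groups):
            return False, f"restricted by branch permission '{r.pattern}'"
    return True, "listed on branch permission"


# Constructed sample data mirroring the Xavier/Yves example.
REPO_WRITERS = {"xavier", "yves"}
RESTRICTIONS = [
    Restriction("B", users={"xavier"}),
    Restriction("release/*", groups={"release-managers"}),
]

if __name__ == "__main__":
    for user, groups, branch in [
        ("xavier", set(), "B"), ("yves", set(), "B"),
        ("yves", set(), "feature/x"),
        ("zoe", {"release-managers"}, "release/1.0"),
    ]:
        print(user, branch, can_push(user, groups, branch, REPO_WRITERS, RESTRICTIONS))
```

The last case shows why a group listed on a branch permission is not sufficient on its own: a member without write access to the repository is rejected before the branch restriction is ever consulted.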
Adding branch permissions
Branch permissions in Stash control access to repository branches. You need either admin or sys-admin permissions to set or modify branch permissions.
To add branch permissions:
- Go to a repository in a project.
- Choose Settings > Branch permissions.
- Click Add permission.
- In the Branches field, select either Branch name, Branch pattern, or Branching model.
  - Branch name - select an existing branch by name.
  - Branch pattern - specify a branch using branch pattern syntax for matching branch names. See Branch permission patterns for more information about this syntax.
  - Branching model - select the branch type to restrict access to. Read more about branching models.
- Add (or remove) users or groups that you want to have (or not have) commit access to the branch. Limiting write access for a branch enforces the branch permissions, and also:
  - restricts pushes to branches.
  - restricts creating new branches.
- Select the types of actions you want to prevent.
  - Rewriting history - prevents history rewrites on the specified branch(es), for example by a force push or rebase.
  - Changes without a pull request - prevents pushing changes directly to a branch; changes are allowed only with a pull request.
  - Branch deletion - prevents branch and tag deletion.
- Click Create to finish.
You can always change the permissions for a branch later, if necessary.