Branch permissions allow you to control who can commit to specific branches in a repository. Branch permissions provide another level of security within Stash (along with user authentication and project, repository and global permissions) that provides a way to control, or enforce, your own workflow or process.
- are based on users or groups.
- are actually restrictions, independent of project and repository level permissions, that limit branch access to specific people.
- prevent unauthorised users pushing to or deleting the branch.
- are based on explicit branch names, or you can use advanced branch permissions to match multiple branches (or tags) using pattern matching.
For example, if two developers Xavier and Yves have write access to repository R, but only Xavier has branch permissions on branch B, then Yves won't be able to push to B.
If a user does not have commit access to the branch, an error message will be shown on the Git command line when they try to push a change to the branch.
Note that if no branch permissions are defined then anyone with commit access to the repository can push to any branch. Also, if there are conflicting permissions, the most permissive one applies; for example if one permission restricts a particular users access but another permission allows it, then the user will be allowed commit access.
Setting branch permissions
Branch permissions in Stash are set on a per-repository basis. Makes sense – branch permissions control access to repository branches, right?
You'll need either permissions to set branch permissions., admin or sys-admin
So, to set branch permissions:
- Go to a repository in a project.
- Choose Settings > Branch (under 'Permissions').
- Click Add permission.
- On the Branch tab, choose the branch for which you want to control access.
- Add (or remove) users or groups that you want to have (or not have) commit access to the branch.
- Click Create to finish.
You can always change the permissions for a branch later, if necessary.
Advanced branch permissions
Advanced branch permissions specify a pattern that is matched against branches and tags being pushed to Stash; this allows you to restrict any pushes to branches that match the pattern.
Advanced branch permission also apply to attempts to create new branches; if a push to Stash attempts to create a new branch that matches a pattern, the user must be authorised for the operation to proceed.
To set advanced branch permissions, choose Settings > Branch, and click Add permission, as described above.
On the Advanced tab, enter a glob pattern to match the names of multiple branches for which you want to control access.