Restrict Deletion and Rewriting of Master Branch in Bitbucket at Project Level, While Allowing Repos

Ben Zecharia October 28, 2024

In Bitbucket, administrators may want to protect the master branch to ensure stability by preventing users from deleting or rewriting it (e.g., through forced pushes). However, they also want to allow users the flexibility to create new repositories under the same project without needing admin permissions on each repository.

Key Requirements

  1. Restrict Deletion of the Master Branch: Ensure that users cannot delete the master branch across all repositories within a project.
  2. Prevent Rewriting of the Master Branch: Block users from performing force pushes or other actions that would rewrite the history of the master branch.
  3. Allow Repository Creation: Grant users the ability to create new repositories within the project with a master branch.

Currently users are able to create a repository, but master isn't created and they can create/push it. I want them only to create a new repository with master.

1 answer

0 votes
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 29, 2024

Hi Ben and welcome to the community!

Requirements 1 and 2 can be achieved with project branch restrictions. Branch restrictions are available in Project settings and you can create one for master branch where the fields Allow rewriting branch history and Allow deleting this branch are unchecked. These restrictions will apply to all repositories of that project.

Regarding requirement 3, users will need at least Create permission in a project in order to create repos in that project. A user will be assigned Admin access to a repository that he or she creates. However, the name of the repo's main branch cannot be enforced. The user will need to specify it in the repo creation page, in the Default branch name field.

If a user creates an empty repo, there will be no branches in the repo. Please keep in mind that a branch in a Git repository is nothing more than a pointer to a certain commit. If the repo is empty, there is no commit for a branch to point to, so there will also be no branches.

We have a feature request for enforcing the name of the repo's main branch:

The request has been closed as it's unlikely to be worked on in the near future. However, you can still leave a comment with your feedback there, as our product managers continue to monitor even closed requests.

Please feel free to reach out if you have any questions.

Kind regards,
Theodora

Ben Zecharia October 30, 2024

Hi @Theodora Boudale, I didn't explain well. What I meant is that when requirements 1 and 2 are applied, users can't create the master branch in new repositories unless they have admin rights.

Theodora Boudale
November 1, 2024

Hi Ben,

Thank you for the clarification.

Restricting the deletion and rewriting history of a branch has nothing to do with the ability to create a branch. The ability to create master branch depends on which users have been given Write access in the branch restriction.

If you have a branch restriction like the following, users with write access to the repo should be able to create master, even though the deletion and rewriting history of the branch are disabled:

Screenshot 2024-11-01 at 12.29.38.png

 


If, on the other hand, you restrict who can write to master branch like in the following screenshot, users who do not belong to the Administrators user group won't be able to create master:

Screenshot 2024-11-01 at 12.31.10.png

Are you restricting Write access for master only to administrators, like in the second screenshot?

Kind regards,
Theodora

Ben Zecharia November 3, 2024

I am currently doing the second option, so what is the suggested config?

My goal is that only 1 team will be able to create merges into master and no one will be able to write directly to master.

Theodora Boudale
November 4, 2024

Hi Ben,

If no one can write directly to master via a branch restriction, then no one will be able to create master branch. I'm afraid that there is no config that allows the creation of a branch but prevents write access to it. One or more users need to have write access to master via the branch restriction, and then only these users will be able to create master.

Restricting merges into master is possible with the "Merge access via pull requests" option in the branch restriction.

We have a feature request for a branch restriction that will allow the creation of a branch but will prevent write access to it:

You can add your vote to it (by selecting the Vote for this issue link) to express your interest, you are more than welcome to leave feedback, and you can also add yourself as a watcher (by selecting the Start watching this issue link) if you'd like to be notified via email on updates.

Implementation of features is done as per our policy here and any updates will be posted in the feature request.

Kind regards,
Theodora
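
The behaviour described in the replies above, as an added example that is not part of the original thread and not Atlassian code: a small evaluator showing that branch creation depends only on write access, independently of the rewrite and delete settings. The records are constructed and simplified; the `kind` values follow Bitbucket Cloud's branch-restriction kinds, while plain group names and the `release-team` group are assumptions.

```python
# Added example: records are constructed and simplified; the "kind" values
# follow Bitbucket Cloud's branch-restriction kinds, "groups" as plain
# names is an assumption made for brevity.
from fnmatch import fnmatch

def rules_for(rules, branch):
    """Restrictions whose glob pattern matches the branch, keyed by kind."""
    return {r["kind"]: r for r in rules if fnmatch(branch, r["pattern"])}

def audit(rules, branch="master"):
    """Summarise what a restriction set means for one branch."""
    by_kind = rules_for(rules, branch)
    push = by_kind.get("push")
    merge = by_kind.get("restrict_merges")
    # None = no restriction of that kind: anyone with repo write access.
    writers = None if push is None else set(push.get("groups", []))
    mergers = None if merge is None else set(merge.get("groups", []))
    findings = []
    if "force" not in by_kind:
        findings.append("history rewrite (force push) is allowed")
    if "delete" not in by_kind:
        findings.append("branch deletion is allowed")
    if writers is not None and not writers:
        findings.append("no one has write access, so no one can create the branch")
    return {"writers": writers, "mergers": mergers, "findings": findings}

def can_create(user_groups, rules, branch="master"):
    """Creating a branch is a write: it needs push access, nothing else."""
    writers = audit(rules, branch)["writers"]
    return writers is None or bool(writers & set(user_groups))

# Constructed configs mirroring the setups described in the thread.
PROTECT = [{"kind": "force", "pattern": "master"},
           {"kind": "delete", "pattern": "master"}]
OPEN_WRITE = PROTECT                       # write access: everybody
ADMIN_WRITE = PROTECT + [{"kind": "push", "pattern": "master",
                          "groups": ["Administrators"]}]
# "release-team" is a hypothetical group name.
PR_ONLY = PROTECT + [{"kind": "push", "pattern": "master", "groups": []},
                     {"kind": "restrict_merges", "pattern": "master",
                      "groups": ["release-team"]}]

if __name__ == "__main__":
    for name, cfg in [("open", OPEN_WRITE), ("admin", ADMIN_WRITE), ("pr-only", PR_ONLY)]:
        print(name, can_create(["developers"], cfg), audit(cfg)["findings"])
```
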

Ben Zecharia November 4, 2024

Thanks for your help! 

Theodora Boudale
November 4, 2024

You are very welcome. Please feel free to reach out if you ever need anything else!
