Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Delete branch Permission shown incorrectly

Rahul Mishra4
Rahul Mishra July 7, 2015

Hi,

I have an active directory group which i recently downgraded the privileges from 'project creator' to 'stash user' level.  However, these users still see the option to delete branches which is something we do not want.

Here are the tests i did -

1) Deleted the group from stash - The users for the group could no longer log in to stash, so i knew they were getting the privileges because of their existence in this group

2) Created a local user and added it to this group, this local user does not have the permission to delete branches.

Any pointers? Is this a bug?

Regards,

Rahul

Answer
Watch
Like Be the first to like this
420 views

2 answers

1 accepted

0 votes
Answer accepted
Tim Crall1
Tim Crall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 7, 2015

There is a difference in Stash between being able to log in and what permissions you have on a repo.

If deleting the group from Stash prevented them from logging in at all, that probably means that they lost their license due to not being a member of the group.  It doesn't necessarily mean that they might not also be a member of some other group which doesn't grant Stash licenses but does grant permissions on a particular repo.  It's easy to accidentally configure an AD user so that they have permissions on a repo but can't login to Stash.

 

I recommend using this plugin to see exactly what permissions each user has on a repo as a result of their membership in which groups: https://marketplace.atlassian.com/plugins/com.orbitz.stash.plugins.permission-viewer-plugin/versions#b100000000

However, I think that anyone with 'Write' permission on a repo can delete branches unless there are branch permissions in place.  Testing seems to confirm this.  So I'm actually more confused why the local user you created wasn't able to delete branches than anything else.

 

 

View More Comments
Tim Crall1
Tim Crall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 7, 2015

Also, deleting a (merged) branch is relatively harmless. A branch is just a pointer to a commit - deleting the branch doesn't delete the commit(s). Deleting an unmerged branch is a little more dangerous, but Stash warns you before allowing you to complete the operation. And presumably those commits would still exist on a developer's clone of the repo.

Like
Reply
1 vote
Rahul Mishra4
Rahul Mishra July 7, 2015

Actually i had verified that but i do understand your point.

And, I seemed to have overlooked something. All users (local and A/D based) can delete branches even with the most basic privileges

The plugin was a great suggestion though. Made the issue clearer and caused more confusion. Anyone with 'write' privileges can delete any branch irrespective of branch permissions.

I completely understand that in git it can all be restored (merged or unmerged), but my concern is from a compliance perspective. We have access controls all over the place and the fact that a user can delete a branch (essentially manage a repository) with the bare minimum privileges is discomforting.

I really hoped deletion of branches and tags would require higher privileges

 

 

View More Comments
Tim Crall1
Tim Crall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 7, 2015

Not having branch permissions on a branch keeps a user from deleting it (but that also means not having permission to push to that branch, requiring the use of pull requests to have your changes merged). I don't think there's a way to be able to push to a branch and not be able to delete it.

Like
Rahul Mishra4
Rahul Mishra July 7, 2015

And i am seeing it differently, EVEN IF i restrict permissions to push to 'master' branch for certain users, all users with write 'access' to the repository seem to have the capability to delete the branch.

Like
Tim Crall1
Tim Crall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 7, 2015

Hrm, I just tried it on my install of Stash and it gave me a "User not permitted: You do not have permission to delete this branch." message.

Like
Tim Crall1
Tim Crall
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 7, 2015

Make sure you're not using an Admin account to test it...

Like
Mike Friedrich
Mike Friedrich
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 7, 2015

Since Stash 3.10 delete can be prevented. See here: https://confluence.atlassian.com/display/STASH/Stash+3.10+release+notes

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events