Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to override Project Level Branch Security

Tim Razik
Tim Razik September 24, 2018

Is there a simple way to manage security at a project level and override it at a repo level.

For example, we have a project called UPN and it has 100 repositories in it.  At a project level we setup branch security to say 

Branch Name : Master

Deletion :  (BLANK)

Rewrite History : (BLANK)

Changes w/o Pull Request : (BLANK)

All Changes: our-developer-group

 

This is a huge time saver as we don't have to manage security for each repo.  However we commonly hit scenarios where we might want a repository to temporarily bend the rules.  For example we might want to restrict the changes for repo-x to a smaller group during a certain period or we might want to enable Rewrite history to allow a one time rebase.

 

So in repo-x I added another branch permission on Master

Branch Name : Master

Deletion :  (BLANK)

Rewrite History : (BLANK)

Changes w/o Pull Request : (BLANK)

All Changes: our-special-user-group

 

It looks like the security there is additive instead of overriding.  Is there a means to override security without having to move the repo and or changing it at the entire project level?

Answer
Watch
Like Be the first to like this
3340 views

3 answers

1 vote
VICTOR-OSEGHALE
VICTOR-OSEGHALE
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 25, 2018

Hi Tim,

Thanks for reaching out here.

There is no known way to override the project level branch permission in the repository level branch permission. When the branch permission is added at the project level, it is applied to the repository level also.

You can find more details for this at BSERV-3508.

Kind Regards,
Victor - Application Support Engineer.

Reply
0 votes
Russell Schultz - gmail
Russell Schultz - gmail November 15, 2020

This is old, but I had to struggle with it this evening.

It is additive, but the only way to loosen permissions (at least with our corporate bitbucket server) was to add a new permission to the repository that copied the project branch permission, but had an exception for the users you wanted to allow the action to.

 

Non-intuitive, but it worked.

View More Comments
jorge_costa
jorge_costa November 30, 2020

nah its crazy, this should totally be reviewed and implemented properly. repo owners should totally be able to override project permissions if they choose to 

Like
Reply
0 votes
John van der Loo
John van der Loo
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 26, 2018

To add to what @VICTOR-OSEGHALE said:

It looks like the security there is additive instead of overriding.

That's right, the permission model in Bitbucket Server is additive, so the best approach to take is to make your permissions as restrictive as possible at the Project level and relax it at the Repository level.

we might want to restrict the changes for repo-x to a smaller group during a certain period

This isn't possible with the additive permission system

we might want to enable Rewrite history to allow a one time rebase.

With the additive permission model, the most permissive set is what gets applied, so if history rewriting is disabled at the project level for a given branch permission and a branch permission (targeting the same branch/pattern) with rewriting enabled is present at the repository level, then that is what's applied. The inverse is then of course also true, which is why starting out with the more restrictive set at the top level is required for limiting access.

Regards,

John van der Loo
Developer, Bitbucket Server 

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events