How to prevent rewrites on all branches without giving everyone access?

This question is in reference to Atlassian Documentation: Using branch permissions

Recently Bitbucket has changed the branch permissions, so they include the settings for rewrites and branch deletion. Now it is not clear how to nest the permissions anymore. What we want is these settings:

BitBucket Branch Management.PNG

So we want only process reviewers to be able to acces develop and only release managers on master and any release branches. master and develop must never be deleted and no branch must ever be rebased. In the new settings we can set this:
Screen Shot 2016-09-15 at 14.43.12.png

Which is fine except for one potential problem. Doesn't this still allow rewrites on any branch except the three patterns mentioned? And if we add * as a pattern for `everyone`, just to deactivate rewrites, doesn't that overlap and give everyone write access to the branches that should be limited to specific groups?

6 answers

Should it indeed be:

Screen Shot 2016-09-15 at 14.55.10.png

Use the "Reject Force Push" hook that is included with Bitbucket Server to stop all rebases.


- Regards,
Sylvie Davies
Founder and Software Engineer,
Author of: Bit-Booster for Bitbucket Server.

We are using Bitbucket Cloud

Sorry!  One of the tags on your question is "bitbucket server latest (4.9)".

Oooh, no idea how that got there, so sorry. I removed the tag.

0 votes

Hello @Titus Nachbauer,

I think, only the designees (in this case Process_Managers and Release_Managers) would have write access in the scenario you present. See:

If your team only creates release branches with the pattern:


you wouldn't need the "everybody" designation with a general wildcard. I would suggest that your team follow the branch pattern you've established:


Every branch with that pattern will inherit those permissions and not be subject to rewriting.

Happy coding,


We are using git flow, so we have a lot of feature branches. Since JIRA creates those branches, they do not start with feature/, so I cannot specifically select those branches except by the pattern *. So your suggestion would not work. The point of my question is that I want to prevent rebases on ALL branches, because rebases can be very evil on shared branches and inexperienced programmers might even rebase by accident. In the old permissions screen this was simple, in the new screen it is actually impossible with the permissions we want. I tested the following:

Broken branch permissions.PNG

This should prevent anyone who is not in the group Release_Managers to delete the branch test-branch-permissions, however, they can just delete it, because the * permission is additive. This is quite useless, especially because the migration to the new screen has automatically set the permissions in this way. Now it seems I will have to go through all of the projects and fix the permissions by hand (and allow rewrites on all but the most important branches).

Have you found a solution for this?

No, as far as I'm concerned they just messed up permissions with their update.

0 votes

Hello from 2018 :)

This can be done when configure branch permissions in repository --> Settings --> Branch permissions


Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 06, 2018 in Bitbucket

Upgrade Best Practices

Hello! My name is Mark Askew and I am a Premier Support Engineer for products Bitbucket Server/Data Center, Fisheye & Crucible. Today, I want to bring the discussion that Jennifer, Matt, and ...

1,923 views 7 10
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you