How to prevent rewrites on all branches without giving everyone access?

This question is in reference to Atlassian Documentation: Using branch permissions

Recently Bitbucket has changed the branch permissions, so they include the settings for rewrites and branch deletion. Now it is not clear how to nest the permissions anymore. What we want is these settings:

BitBucket Branch Management.PNG

So we want only process reviewers to be able to acces develop and only release managers on master and any release branches. master and develop must never be deleted and no branch must ever be rebased. In the new settings we can set this:
Screen Shot 2016-09-15 at 14.43.12.png

Which is fine except for one potential problem. Doesn't this still allow rewrites on any branch except the three patterns mentioned? And if we add * as a pattern for `everyone`, just to deactivate rewrites, doesn't that overlap and give everyone write access to the branches that should be limited to specific groups?

5 answers

Should it indeed be:

Screen Shot 2016-09-15 at 14.55.10.png

Use the "Reject Force Push" hook that is included with Bitbucket Server to stop all rebases.


- Regards,
Sylvie Davies
Founder and Software Engineer,
Author of: Bit-Booster for Bitbucket Server.

We are using Bitbucket Cloud

Oooh, no idea how that got there, so sorry. I removed the tag.

0 vote

Hello @Titus Nachbauer,

I think, only the designees (in this case Process_Managers and Release_Managers) would have write access in the scenario you present. See:

If your team only creates release branches with the pattern:


you wouldn't need the "everybody" designation with a general wildcard. I would suggest that your team follow the branch pattern you've established:


Every branch with that pattern will inherit those permissions and not be subject to rewriting.

Happy coding,


We are using git flow, so we have a lot of feature branches. Since JIRA creates those branches, they do not start with feature/, so I cannot specifically select those branches except by the pattern *. So your suggestion would not work. The point of my question is that I want to prevent rebases on ALL branches, because rebases can be very evil on shared branches and inexperienced programmers might even rebase by accident. In the old permissions screen this was simple, in the new screen it is actually impossible with the permissions we want. I tested the following:

Broken branch permissions.PNG

This should prevent anyone who is not in the group Release_Managers to delete the branch test-branch-permissions, however, they can just delete it, because the * permission is additive. This is quite useless, especially because the migration to the new screen has automatically set the permissions in this way. Now it seems I will have to go through all of the projects and fix the permissions by hand (and allow rewrites on all but the most important branches).

Have you found a solution for this?

No, as far as I'm concerned they just messed up permissions with their update.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

1,768 views 1 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you