Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to prevent rewrites on all branches without giving everyone access?

titusn
titusn September 15, 2016

This question is in reference to Atlassian Documentation: Using branch permissions

Recently Bitbucket has changed the branch permissions, so they include the settings for rewrites and branch deletion. Now it is not clear how to nest the permissions anymore. What we want is these settings:

BitBucket Branch Management.PNG

So we want only process reviewers to be able to acces develop and only release managers on master and any release branches. master and develop must never be deleted and no branch must ever be rebased. In the new settings we can set this:
Screen Shot 2016-09-15 at 14.43.12.png

Which is fine except for one potential problem. Doesn't this still allow rewrites on any branch except the three patterns mentioned? And if we add * as a pattern for `everyone`, just to deactivate rewrites, doesn't that overlap and give everyone write access to the branches that should be limited to specific groups?

Answer
Watch
Like # people like this
1064 views

6 answers

0 votes
Roman (sturman)
Roman (sturman) October 24, 2018

Hello from 2018 :)

This can be done when configure branch permissions in repository --> Settings --> Branch permissions

image.pngimage.png

Reply
0 votes
titusn
titusn December 20, 2016

No, as far as I'm concerned they just messed up permissions with their update.

Reply
0 votes
Jason Boyd
Jason Boyd December 20, 2016

Have you found a solution for this?

Reply
0 votes
DrSnigglypoof
DrSnigglypoof
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 15, 2016

Hello @Titus Nachbauer,

I think, only the designees (in this case Process_Managers and Release_Managers) would have write access in the scenario you present. See: https://confluence.atlassian.com/display/BITBUCKET/Branch+permissions#Branchpermissions-Branchpermissionsoverlap

If your team only creates release branches with the pattern:

release/your-release-variable

you wouldn't need the "everybody" designation with a general wildcard. I would suggest that your team follow the branch pattern you've established:

release/*

Every branch with that pattern will inherit those permissions and not be subject to rewriting.

Happy coding,

Dan



View More Comments
titusn
titusn September 19, 2016

We are using git flow, so we have a lot of feature branches. Since JIRA creates those branches, they do not start with feature/, so I cannot specifically select those branches except by the pattern *. So your suggestion would not work. The point of my question is that I want to prevent rebases on ALL branches, because rebases can be very evil on shared branches and inexperienced programmers might even rebase by accident. In the old permissions screen this was simple, in the new screen it is actually impossible with the permissions we want. I tested the following:

Broken branch permissions.PNG

This should prevent anyone who is not in the group Release_Managers to delete the branch test-branch-permissions, however, they can just delete it, because the * permission is additive. This is quite useless, especially because the migration to the new screen has automatically set the permissions in this way. Now it seems I will have to go through all of the projects and fix the permissions by hand (and allow rewrites on all but the most important branches).

Like
Reply
0 votes
G__Sylvie_Davies__bit-booster_com_
G__Sylvie_Davies__bit-booster_com_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 15, 2016

Use the "Reject Force Push" hook that is included with Bitbucket Server to stop all rebases.

---

- Regards,
Sylvie Davies
Founder and Software Engineer, bit-booster.com
Author of: Bit-Booster for Bitbucket Server.
View More Comments
titusn
titusn September 15, 2016

We are using Bitbucket Cloud

Like
G__Sylvie_Davies__bit-booster_com_
G__Sylvie_Davies__bit-booster_com_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 15, 2016

Sorry!  One of the tags on your question is "bitbucket server latest (4.9)".

Like
titusn
titusn September 15, 2016

Oooh, no idea how that got there, so sorry. I removed the tag.

Like
Reply
0 votes
titusn
titusn September 15, 2016

Should it indeed be:

Screen Shot 2016-09-15 at 14.55.10.png

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events