This question is in reference to Atlassian Documentation: Using branch permissions
Recently Bitbucket has changed the branch permissions, so they include the settings for rewrites and branch deletion. Now it is not clear how to nest the permissions anymore. What we want is these settings:
BitBucket Branch Management.PNG
So we want only process reviewers to be able to acces develop and only release managers on master and any release branches. master and develop must never be deleted and no branch must ever be rebased. In the new settings we can set this:
Screen Shot 2016-09-15 at 14.43.12.png
Which is fine except for one potential problem. Doesn't this still allow rewrites on any branch except the three patterns mentioned? And if we add * as a pattern for `everyone`, just to deactivate rewrites, doesn't that overlap and give everyone write access to the branches that should be limited to specific groups?
Hello from 2018 :)
This can be done when configure branch permissions in repository --> Settings --> Branch permissions
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello @Titus Nachbauer,
I think, only the designees (in this case Process_Managers and Release_Managers) would have write access in the scenario you present. See: https://confluence.atlassian.com/display/BITBUCKET/Branch+permissions#Branchpermissions-Branchpermissionsoverlap
If your team only creates release branches with the pattern:
release/your-release-variable
you wouldn't need the "everybody" designation with a general wildcard. I would suggest that your team follow the branch pattern you've established:
release/*
Every branch with that pattern will inherit those permissions and not be subject to rewriting.
Happy coding,
Dan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We are using git flow, so we have a lot of feature branches. Since JIRA creates those branches, they do not start with feature/, so I cannot specifically select those branches except by the pattern *. So your suggestion would not work. The point of my question is that I want to prevent rebases on ALL branches, because rebases can be very evil on shared branches and inexperienced programmers might even rebase by accident. In the old permissions screen this was simple, in the new screen it is actually impossible with the permissions we want. I tested the following:
Broken branch permissions.PNG
This should prevent anyone who is not in the group Release_Managers to delete the branch test-branch-permissions, however, they can just delete it, because the * permission is additive. This is quite useless, especially because the migration to the new screen has automatically set the permissions in this way. Now it seems I will have to go through all of the projects and fix the permissions by hand (and allow rewrites on all but the most important branches).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Use the "Reject Force Push" hook that is included with Bitbucket Server to stop all rebases.
---
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Sorry! One of the tags on your question is "bitbucket server latest (4.9)".
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.