In Bitbucket Server, can read access be restricted to a specific branch or branch pattern?

This question is in reference to Atlassian Documentation: Using branch permissions

Hi, I am aware that you can restrict write access to branch patterns via 'prevent all changes' and other restrictions which are mostly about what you can push to the repository, but does anyone know if it is possible to restrict read access to a specific branch?

Thanks!

1 answer

1 accepted

Not that I'm aware of - it would be difficult/impossible since the cloned repo has all of the commits in it and the underlying git model affords no such security.

Many thanks Rich,

that was my assumption also but I thought it was worth asking. I have been looking at how to translate a Gitolite configuration to Bitbucket Server permission settings.

In Gitolite it seems you can specify that a user can only read from the master branch for example. In practice, this presumably means that the remote only serves commits reachable from master, which I would have thought is quite doable technically (in fact I am sure that the client could configure that via a refspec)

Best Regards,

Philip

So how does that work when you clone a repository? 

If you have read access to master branch only, when you clone you get a repository with the master branch and all commits reachable from it, but no other branches (or commits only reachable from those other branches).

You can actually choose to do this (with any remote) by doing: 

git clone remote-url --branch master --single-branch

but I was hoping there might be a way to force that via a server permission

You might check to see if anyone has implemented a plugin that provides that capability, otherwise you could explore using a forking approach perhaps - this wouldn't be as straightforward of course.

Thanks for your ideas on this. When I looked on the Marketplace there was not anything obvious. With forking, I could create another repo which just has the master branch of the original one, but I am not sure how this could be kept in sync (fork syncing would presumably update all branches). However the answer may be to simply accept that branch based read restrictions are not supported :)

I am looking for this same exact solution. Philip, did you find a solution? I want my manufacturing team and suppliers to only be able to see Main and not the development branches. This is for mistake proofing, so they don't end up downloading from the branches.

Hi Parth, my current assumption is that this cannot be done using standard functionality or add-ons. As discussed above I don't agree that there is some fundamental reason why this couldn't be done, since you can elect to fetch only commits of certain branches via a branch based clone or a refspec. However I do not believe there is currently an easy way to enforce it via Bitbucket Server. Thanks, Philip

Dear @Philip Armour

Did you find the solution? I have the same situation on my team.

cc: @Parth Jariwala @Rich Duncan

Cheers

Hi @Sina Fereshteh, apologies for the delay in responding. As far as I am aware, the comment I made on Oct 13 is still true: there is no way to limit repository read-access to certain branches (which really means limiting transfer of the reachable commits from branch references).

If you really need to restrict the read-access to some branches I recommend that you use a fork of the repository for the branches which you need to restrict. You can then restrict read-access to the fork. This achieves a similar outcome.

Hope that helps,

Philip
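
The separate-repository approach raised in this thread leaves open how a master-only copy is kept in sync; the sketch below is an added example, not part of any post above and not a Bitbucket Server feature. It copies one branch with an explicit refspec and then checks that no other ref reached the copy; the function names, repository paths and the branch name are assumptions, and the demo repositories are constructed sample data.

```shell
#!/usr/bin/env bash
# Added example; repository paths and the branch name are placeholders.

# sync_branch SRC DST BRANCH
# Copy exactly one branch from SRC to DST through a throwaway bare repository.
# The explicit refspec is the control: --mirror or --all would copy every ref.
sync_branch() {
  sb_ref="refs/heads/$3"
  sb_rc=0
  sb_relay=$(mktemp -d) || return 1
  git init -q --bare "$sb_relay" &&
    git -C "$sb_relay" fetch -q --no-tags "$1" "+$sb_ref:$sb_ref" &&
    git -C "$sb_relay" push -q "$2" "+$sb_ref:$sb_ref" || sb_rc=$?
  rm -rf "$sb_relay"
  return "$sb_rc"
}

# unexpected_refs DST BRANCH
# List every branch or tag in DST other than BRANCH; the output should be empty.
unexpected_refs() {
  git ls-remote --heads --tags "$1" |
    awk -v keep="refs/heads/$2" '$2 != keep { print $2 }'
}

# demo_commit REPO MESSAGE: empty commit with a fixed, constructed identity.
demo_commit() {
  git -C "$1" -c user.name=demo -c user.email=demo@example.invalid \
    commit -q --allow-empty -m "$2"
}

# make_demo_repos DIR
# Constructed sample data: DIR/src has master plus a dev-only commit,
# DIR/pub.git is the empty repository the restricted audience may read.
make_demo_repos() {
  git init -q "$1/src" && git init -q --bare "$1/pub.git" || return 1
  git -C "$1/src" symbolic-ref HEAD refs/heads/master
  demo_commit "$1/src" "released"
  git -C "$1/src" checkout -q -b dev
  demo_commit "$1/src" "unreleased work"
  git -C "$1/src" checkout -q master
}
```

Run `sync_branch` from a scheduled job or hook under an account that can read the source and write only the destination, and treat any output from `unexpected_refs` as a leak to investigate.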
