Azure DevOps default permissions

Question

In Azure DevOps, branch security for git repos defaults the 'Force push' property to 'Not set' for all Azure DevOps Groups. This effectively denies this permission.

We're following gitflow where I work and would generally deny this permission explicitly for persistent branches, Master and Develop; however, for feature branches I would rather this default to 'Allow', so that an admin doesn't have to be involved. Is there a way to default 'Force push' to 'Allow' for the Azure DevOps 'contributor' group for all branches, unless explicitly set to 'Deny'?

Cheers.

Answer 1

You need to understand the Securities of Azure Repos first

There are two level of securities

1. Repo Level
2. Branch Level (By Default -Inherited from Repo Level) - YOU CAN CHANGE THIS ALSO

Default, in Azure Repos (Git), Rewrite and destroy history (force push) is Not Set at Repo Level.

This is the Inherited(by default) for every new branch you create. So you will have the value as Not set for every new branch you create with-in that Repo.

Your requirement will not be implemented directly since all the securities for a branch are by default inherited from the repo level.

The answer for your question

1. At repo level Set the Force Push - > Allow
2. This will be default inherited to all branches under your repo.
3. Change this Setting to Deny for the master, Develop, QA so far (which you need to administrate/secure)

BE CAREFUL ON THIS PERMISSION SINCE YOU ARE SETTING THIS TO ALLOW AT REPO LEVEL IS VERY DANGEROUS