In Azure DevOps, branch security for git repos defaults the 'Force push' property to 'Not set' for all Azure DevOps Groups. This effectively denies this permission.
We're following gitflow where I work and would generally deny this permission explicitly for persistent branches, Master and Develop; however, for feature branches I would rather this default to 'Allow', so that an admin doesn't have to be involved. Is there a way to default 'Force push' to 'Allow' for the Azure DevOps 'contributor' group for all branches, unless explicitly set to 'Deny'?
Cheers.
Open the web portal and choose the project where you want to add users or groups. To choose another project, see Switch project, repository, team. Choose Project settings and then Permissions. Choose Project Administrators group, Members, and then Add.
You manage organization-level permissions through the web portal admin context or with the az devops security group commands. Project Collection Administrators are granted all organization-level permissions. Other organization-level groups have select permission assignments.
Basic access provides access to all features and tasks for using Azure Boards, Azure Repos, Azure Pipelines, and Azure Artifacts. Users who require access to manage Azure Test Plans need to be granted Basic + Test Plans or Advanced access.
View organization or collection-level permissionsOpen admin settings for the organization or a project collection. Choose the Azure DevOps logo to open Projects. Then choose Organization settings. Choose Permissions, the Project Collection Administrators group, and then Members.
You need to understand the Securities of Azure Repos first
There are two level of securities
Default, in Azure Repos (Git), Rewrite and destroy history (force push) is Not Set
at Repo Level.
This is the Inherited(by default) for every new branch you create. So you will have the value as Not set
for every new branch you create with-in that Repo.
Your requirement will not be implemented directly since all the securities for a branch are by default inherited from the repo level.
BE CAREFUL ON THIS PERMISSION SINCE YOU ARE SETTING THIS TO ALLOW AT REPO LEVEL IS VERY DANGEROUS
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With