Recent Problem:
In a Windows environment (unfortunately) I needed to set different branch based permissions for different intranet users. If you’re in a Linux environment (lucky you) have a look at Gitolite or Gitlab. If you can use the cloud then Bitbucket.
Assumptions:
- You and the other users work in a local network or intranet where the git host lives.
- Your repository is stored on c:/git/ in a network server
- No other user has Read/Write access to c:/git except the owner and admin.
- All Git users should have Read access.
- [Optional] All remote branches use a forward slash naming convention. For example: master, stage, dev/master, dev/[your name], dev/team-a, dev/team-a, dev/feature-a…
Fix: set branch-based permissions on a repo using Windows Security.
- Navigate to where the head of the remote branch you want to set permissions to, say c:/git/[Repo name]/refs/heads/dev/team-a
- right-click on this folder, choose “Share with” > “Specific people…”
- Add the users and their permission level (Read or Read/Write)
- Now users should only be able to perform a git push if they have the Read/Write permission. If they have Read then they can pull.
This can be a bit tedious if you have a lot of git users or if the git users change often, since you’d have to maintain the access. I believe you could also create a group to make it more manageable. But it’s a good workaround, at least until you could get your hands on a Linux server.
Know of a better way to do this in Windows? See any major issues with this?