Protect your master Branch in VSTS

You can set up permissions and policies to control who can read and update code in a branch on your Git repo within VSTS. You can set permissions for individual users and groups, and inherit and override permissions as needed.

 

Within regular projects you want to set up specific permissions and policies on your master branch. Only specific users should add code to your master branch. This is done by permissions and policies

 

Adjust security on your master branch

To remove access to a branch we can remove the permissions for the developers. In default situations your developers will reside in the default “Contributors” group. First step is to remove the inheritance from the branch because branch security is set up with inheritance.

 

  1. Go to your project within VSTS
  2. Click on the settings icon and then Version Control
  3. Select the branch you want to stop the inheritance of.
  4. Click on inheritance and select “off”.

inheritance off

  1. With the inheritance off VSTS security groups can be removed from the branch.

remove group from branch

 

Branch Policy

If the permissions are setup correctly on the branch a policy needs to be configured in the branch in order for developers to be able to push code to the master branch, and that approval is configured on the so-called pull request.

  1. Go to your project within VSTS
  2. Click on the settings icon and then Version Control
  3. Select the branch
  4. Select “Branch Policies”

 VSTS Branch Policies

 

  1. On the branch policy page setup the policy as you want, you should for example configure a required approver. I also love the feature of a linked work items that are required.

Branch Policy

Related Posts

My first public VSTS Extension A couple of days ago I started developing extensions for Build and Release pipelines of Visual Studio Team Services (VSTS). One of these extensions is...
Azure Function CI – 3. Deploying the Azure Function from the Build within VSTS This post is the third and last one in a series of posts and will help you by deploying a CI build for a Azure Function. Prerequisites This blog post ...
Azure Function CI – 2. Create a CI Build for the Azure Function This post is the second one in a series of three posts and will help you by creating a CI build for a Azure Function. Prerequisites This blog post i...
Azure Function CI – 1. Creating a Pre-Compiled Azure Function As mentioned in the overview Azure Function provide event-based serverless computing that make it easy to develop and scale your application, paying o...
Azure Function CI – Overview Azure Functions provide event-based serverless computing that make it easy to develop and scale your application. By using Azure Functions CI you can ...
Install SharePoint 2013 Public Beta on Windows Server 2012 RC – Part VI &n... Last week we finished the installation of SharePoint 2013. For us to test the new version off SharePoint we still have to do some configuration. The ...

Leave a Reply

Your email address will not be published. Required fields are marked *