Protect your master Branch in VSTS


You can set up permissions and policies to control who can read and update code in a branch on your Git repo within VSTS. You can set permissions for individual users and groups, and inherit and override permissions as needed.

 

In most projects you want specific permissions and policies on your master branch, so that only specific users can add code to it. This is done with permissions and policies.

Adjust security on your master branch

To remove access to a branch, we can remove the developers' permissions on it. By default your developers will be in the default “Contributors” group. The first step is to remove the inheritance from the branch, because branch security is set up with inheritance.

  1. Go to your project within VSTS
  2. Click on the settings icon and then Version Control
  3. Select the branch on which you want to stop the inheritance.
  4. Click on inheritance and select “off”.
  5. With the inheritance off, VSTS security groups can be removed from the branch.


Branch Policy

Once the permissions are set up correctly on the branch, a policy needs to be configured on the branch so that developers are able to push code to the master branch; the approval for this is configured on the so-called pull request.

  1. Go to your project within VSTS
  2. Click on the settings icon and then Version Control
  3. Select the branch
  4. Select “Branch Policies”

  5. On the branch policy page, set up the policy as you want. You should, for example, configure a required approver. I also love the feature that requires linked work items.
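
To check the result outside the UI, the following added example (not from the original post) audits a list of policy configurations and flags a master branch whose required-approver or linked-work-item policy is missing, disabled or non-blocking. The sample data is constructed, the repository ID is a placeholder, and the two policy type IDs and the field names are assumptions to confirm against your own organization's policy export.

```python
# Added example, not from the original post. Policy type IDs are assumptions:
# confirm them against the policy types your organization reports.
MIN_REVIEWERS = "fa4e907d-c16b-4a4c-9dfa-4906e5d171dd"
WORK_ITEM_LINKING = "40e92b44-2fe1-4dd6-b3d8-74a9c21d0c6e"
REQUIRED = {MIN_REVIEWERS: "required approver", WORK_ITEM_LINKING: "linked work items"}

def covers(cfg, ref_name):
    """True if one of the policy's scope entries applies to ref_name."""
    for scope in cfg.get("settings", {}).get("scope", []):
        target = scope.get("refName") or ""
        if scope.get("matchKind", "Exact").lower() == "prefix":
            if target and ref_name.startswith(target):
                return True
        elif ref_name == target:
            return True
    return False

def audit_branch(configs, ref_name="refs/heads/master"):
    """Return sorted findings; an empty list means both policies are enforced."""
    findings, seen = [], set()
    for cfg in configs:
        type_id = cfg.get("type", {}).get("id")
        if type_id not in REQUIRED or not covers(cfg, ref_name):
            continue
        seen.add(type_id)
        name, settings = REQUIRED[type_id], cfg.get("settings", {})
        if not (cfg.get("isEnabled") and cfg.get("isBlocking")):
            findings.append(f"{name}: policy is disabled or non-blocking")
        elif type_id == MIN_REVIEWERS:
            if settings.get("minimumApproverCount", 0) < 1:
                findings.append(f"{name}: minimum approver count is below 1")
            if settings.get("creatorVoteCounts"):
                findings.append(f"{name}: the author's own vote counts as approval")
    for type_id in REQUIRED.keys() - seen:
        findings.append(f"{REQUIRED[type_id]}: no policy on {ref_name}")
    return sorted(findings)

def sample(type_id, blocking, **settings):
    """Build a constructed policy configuration scoped to master."""
    scope = [{"refName": "refs/heads/master", "matchKind": "Exact",
              "repositoryId": "REPO-ID-PLACEHOLDER"}]
    return {"type": {"id": type_id}, "isEnabled": True, "isBlocking": blocking,
            "settings": {"scope": scope, **settings}}

WEAK = [sample(MIN_REVIEWERS, True, minimumApproverCount=1, creatorVoteCounts=True),
        sample(WORK_ITEM_LINKING, False)]
HARDENED = [sample(MIN_REVIEWERS, True, minimumApproverCount=1, creatorVoteCounts=False),
            sample(WORK_ITEM_LINKING, True)]

if __name__ == "__main__":
    for label, configs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_branch(configs) or "ok")
```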
