Git branch permissions on Windows

Recent Problem:

In a Windows environment (unfortunately) I needed to set different branch based permissions for different intranet users. If you’re in a Linux environment (lucky you) have a look at Gitolite or Gitlab. If you can use the cloud then Bitbucket.

Assumptions:

  • You and the other users work in a local network or intranet where the git host lives.
  • Your repository is stored on c:/git/ in a network server
  • No other user has Read/Write access to c:/git except the owner and admin.
  • All Git users should have Read access.
  • [Optional] All remote branches use a  forward slash naming convention. For example: master, stage, dev/master, dev/[your name], dev/team-a, dev/team-a, dev/feature-a…

Fix: set branch-based permissions on a repo using Windows Security.

  1. Navigate to where the head of the remote branch you want to set permissions to, say c:/git/[Repo name]/refs/heads/dev/team-a
  2. right-click on this folder, choose “Share with” > “Specific people…”
  3. Add the users and their permission level (Read or Read/Write)
  4. Now users should only be able to perform a git push if they have the Read/Write permission. If they have Read then they can pull.

This can be a bit tedious if you have a lot of git users or if the git users change often, since you’d have to maintain the access. I believe you could also create a group to make it more manageable. But it’s a good workaround, at least until you could get your hands on a Linux server.

Know of a better way to do this in Windows? See any major issues with this?

2 thoughts on “Git branch permissions on Windows

  1. Hi,
    First of all thanks for posting.

    We have similar problem, our requirement is to create 3 different branches from master and give access to 3 different teams of their own branch, they should not have access to others branch and master.

    We tried this approach but various teams after committing changes to their respective branches teams will get parent folder level access and hence to other branches/master. Is it possible to elaborate more how this can be done in Windows environment. I suspect this is happening due to permission inheritance but not able to solve this.

    Please share your thoughts.

    Thanks,
    -Deepak

  2. Hi Deepak,

    Hopefully I’m not too late here.

    I should stress that this only works if you’re within the same Windows network. Team A should have “read” only access to the master branch, try applying this permission to the dev/master or root folder convention. Then apply a “read/write” access for Team A to dev/teamA branch.

    Sorry I can’t be of much help, it’s been a while since I did this and I don’t have access to a Windows machine or network anymore.

Leave a Reply

Your email address will not be published. Required fields are marked *