Git branch permissions on Windows

Recent Problem:

In a Windows environment (unfortunately) I needed to set different branch based permissions for different intranet users. If you’re in a Linux environment (lucky you) have a look at Gitolite or Gitlab. If you can use the cloud then Bitbucket.

Assumptions:

  • You and the other users work in a local network or intranet where the git host lives.
  • Your repository is stored on c:/git/ in a network server
  • No other user has Read/Write access to c:/git except the owner and admin.
  • All Git users should have Read access.
  • [Optional] All remote branches use a  forward slash naming convention. For example: master, stage, dev/master, dev/[your name], dev/team-a, dev/team-a, dev/feature-a…

Fix: set branch-based permissions on a repo using Windows Security.

  1. Navigate to where the head of the remote branch you want to set permissions to, say c:/git/[Repo name]/refs/heads/dev/team-a
  2. right-click on this folder, choose “Share with” > “Specific people…”
  3. Add the users and their permission level (Read or Read/Write)
  4. Now users should only be able to perform a git push if they have the Read/Write permission. If they have Read then they can pull.

This can be a bit tedious if you have a lot of git users or if the git users change often, since you’d have to maintain the access. I believe you could also create a group to make it more manageable. But it’s a good workaround, at least until you could get your hands on a Linux server.

Know of a better way to do this in Windows? See any major issues with this?

Close