Have you ever wanted to setup granular folder permissions in your Azure DevOps repos but couldn’t figure it out? I was working on a project where the customer wanted to setup their version of GitFlow and was trying to setup permissions in Git so that only certain groups of users could control writes to Main, Release, Develop and Feature branches at specific levels in the path of these branches. This post will walk you through how to do that in Azure DevOps.
Problem
I won’t explain GitFlow here but rather link to Atalssian’s GitFlow documents for the full explanation. Needless to say there are several branch types in GitFlow including Main, Release, Develop and Feature branches. Each of these type of branches might require some form of access control so that users don’t check in or merge unapproved/reviewed changes into folders they aren’t allowed to. For instance let’s say you want to have a Release Team that can control access to all your version releases whether that is v1.0 or v1.1 or v2. This post will show you how.
Solution
What you may not have known is that if you create paths in your branch names
Azure Devops will allow you to apply RBAC to the folders if you so choose.
The default in ADO is an Inheritance model where permissions of the parent are
inherited by the child nodes, however with the click of the mouse you can break
this inheritance chain and apply custom permissions at the folder level in ADO
ensuring that only the right teams have access to those branches.
