Many thanks Rich,

that was my assumption also but I thought it was worth asking. I have been looking at how to translate a Gitolite configuration to Bitbucket Server permission settings.

In Gitolite it seems you can specify that a user can only read from the master branch for example. In practice, this presumably means that the remote only serves commits reachable from master, which I would have thought is quite doable technically (in fact I am sure that the client could configure that via a refspec)

Best Regards,

Philip

So how does that work when you clone a repository? 

If you have read access to master branch only, when you clone you get a repository with the master branch and all commits reachable from it, but no other branches (or commits only reachable from those other branches).

You can actually choose to do this (with any remote) by doing: 

git clone remote-url --branch master --single-branch

but I was hoping there might be a way to force that via a server permission

You might check to see if anyone has implemented a plugin that provides that capability, otherwise you could explore using a forking approach perhaps - this wouldn't be as straight forward of course.

Thanks for your ideas on this. When I looked on the Marketplace there was not anything obvious. With forking, I could create another repo which just has the master branch of the original one, but I am not sure how this could be kept in sync (fork syncing would presumably update all branches). However the answer may be to simply accept that branch based read restrictions are not supported 

I am looking for this same exact solution. Philip, did you find a solution? I want my manufacturing team and suppliers to only be able see Main and not the development branches. This is for mistake proofing, so they don't end up downloading from the branches.

Hi Parth, my current assumption is that this cannot be done using standard functionality or add-ons. As discussed above I don't agree that there is some fundamental reason why this couldn't be done , since you can elect to fetch only commits of certain branches via a branch based clone or a refspec. However I do not believe there is currently an easy way to enforce it via Bitbucket Server. Thanks, Philip 

Dear @Philip Armour

did you find the solution ? I have the same situation on my team.

cc: @parthjar@Rich Duncan

Cheers

Hi @Sina Fereshteh , apologies for delay in responding. As far as I am aware, the comment I made on Oct 13 is still true: there is no way to limit repository read-access to certain branches (which really means limiting transfer of the reachable commits from branch references). 

If you really need to restrict the read-access to some branches I recommend that you use a fork of the repository for the branches which you need to restrict. You can then restrict read-access to the fork. This achieves a similar outcome.

Hope that helps,

Philip

Hi @Philip Armour, I am a new user of Git.

I also want to restrict read access to a branch or folder in a repository. When I fork a repository, then entire repo will be copied to the new repo. Then what's next?

Can you please expaing it more details so user's like me will be able to understand.

Hi @gulshan9958

first I would consider carefully whether you really do need to restrict read-access to certain branches, because any solution comes with overheads and this is a non-standard pattern in git.

The idea with the fork is you have another copy of the repo which contains only the branches you want to restrict access to. After forking, you delete these branches in the original repository (so they now only exist in the fork).

Then by controlling read-access to the fork you are controlling read-access to the branches.

Hope that is a bit clearer,

Philip

Hi @Philip Armour

Is it possible to write hooks script for restricting read and write access to specific branch in bitbucket?

Hi @jash1th,

It's quite common for server hooks to restrict pushes (write access) based on properties of the push, which could include blocking based on branch. There would not be much point to that though, because bitbucket already has built-in functionality to control branch-based write access, so no need for a hook.

Read-access, which is what the original question was about, is a different matter entirely. This is about the commits which are downloaded to your repo when you do a clone or fetch. It's more about Git's server behaviour (not Bitbucket), and AFAIK you can't control which branches are transferred during clone or fetch by hooks or any built-in Bitbucket features.

Hope that is helpful