Azure DevOps default permissions

Question

In Azure DevOps, branch security for git repos defaults the \'Force push\' property to \'Not set\' for all Azure DevOps Groups. This effectively denies this permission.

Answer 1

You need to understand the Securities of Azure Repos first

There are two level of securities

1. Repo Level
2. Branch Level (By Default -Inherited from Repo Level) - YOU CAN CHANGE THIS ALSO

Default, in Azure Repos (Git), Rewrite and destroy history (force push) is Not Set at Repo Level.

This is the Inherited(by default) for every new branch you create. So you will have the value as Not set for every new branch you create with-in that Repo.

Your requirement will not be implemented directly since all the securities for a branch are by default inherited from the repo level.

The answer for your question

1. At repo level Set the Force Push - > Allow
2. This will be default inherited to all branches under your repo.
3. Change this Setting to Deny for the master, Develop, QA so far (which you need to administrate/secure)

BE CAREFUL ON THIS PERMISSION SINCE YOU ARE SETTING THIS TO ALLOW AT REPO LEVEL IS VERY DANGEROUS