git azure-devops

Some team members can push directly to main despite minimum amount of reviewers


Some of our team members can push directly to our main branch, and some can't.

We have the following branch policies:

There must be some kind of policy bypass, but I can't find anything online. Whatever I Google, the only answer I get is "set a minimum number of reviewers". The accidental pushes to main are becoming a problem.


Solution

  • In addition to branch policies, you also need to configure branch security. Here's how to set AzDO permissions.

    You will find in branch security that some users can bypass pull requests, which you will want to disable.

    Tip: For shared branches such as main or master, my preference is to turn off inheritance and use explicit permissions. I then delete all default permissions and set permissions like this:

    In the (hopefully) rare instances when someone needs to bypass a PR, or push outside of a PR, or even force push, the admin can temporarily give that person permission to do so, and then remove the permission immediately afterwards.
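An added example, not part of the original answer: a small audit that reads the access control list of a branch and reports which identities effectively hold the bypass or force-push permissions, and whether each grant is explicit or inherited. The JSON shape is modeled on Azure DevOps ACL records, and the bit values, token and identity names are assumptions or constructed placeholders.

```python
import json

# Permission bits of the "Git Repositories" security namespace (assumed values;
# confirm with `az devops security permission namespace show`).
RISKY_BITS = {
    8: "ForcePush",
    128: "PolicyExempt (bypass policies when pushing)",
    32768: "PullRequestBypassPolicy (bypass policies when completing PRs)",
}

# Constructed sample ACL for the main branch; token and identities are placeholders.
SAMPLE_ACL = json.loads("""
{
  "token": "repoV2/<project-id>/<repo-id>/refs/heads/<encoded-branch>",
  "inheritPermissions": true,
  "acesDictionary": {
    "group:Project Administrators": {"allow": 32908, "deny": 0,
      "extendedInfo": {"effectiveAllow": 32908, "effectiveDeny": 0}},
    "group:Contributors": {"allow": 16502, "deny": 0,
      "extendedInfo": {"effectiveAllow": 16630, "effectiveDeny": 0}},
    "user:build-service": {"allow": 0, "deny": 128,
      "extendedInfo": {"effectiveAllow": 0, "effectiveDeny": 128}},
    "group:Readers": {"allow": 2, "deny": 0}
  }
}
""")

def audit_branch_acl(acl):
    """Map each identity to the bypass-type permissions it effectively holds."""
    findings = {}
    for identity, ace in acl["acesDictionary"].items():
        info = ace.get("extendedInfo", {})
        allow = info.get("effectiveAllow", ace.get("allow", 0))
        deny = info.get("effectiveDeny", ace.get("deny", 0))
        granted = allow & ~deny  # a deny wins over an allow
        explicit = ace.get("allow", 0)
        risky = [(name, "explicit" if explicit & bit else "inherited")
                 for bit, name in RISKY_BITS.items() if granted & bit]
        if risky:
            findings[identity] = risky
    return findings

if __name__ == "__main__":
    print("inheritance enabled:", SAMPLE_ACL["inheritPermissions"])
    for identity, risky in audit_branch_acl(SAMPLE_ACL).items():
        for name, source in risky:
            print(f"{identity}: {name} [{source}]")
```

In the sample, Contributors hold the push bypass only through inheritance, which is the case that turning off inheritance on the branch removes.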