In Azure DevOps, branch security for git repos defaults the 'Force push' property to 'Not set' for all Azure DevOps Groups. This effectively denies this permission.
We're following gitflow where I work and would generally deny this permission explicitly for persistent branches, Master and Develop; however, for feature branches I would rather this default to 'Allow', so that an admin doesn't have to be involved. Is there a way to default 'Force push' to 'Allow' for the Azure DevOps 'contributor' group for all branches, unless explicitly set to 'Deny'?
Cheers.
解決方案
You need to understand the Securities of Azure Repos first
There are two level of securities
Repo Level
Branch Level (By Default -Inherited from Repo Level) - YOU CAN CHANGE THIS ALSO
Default, in Azure Repos (Git), Rewrite and destroy history (force push) is Not Set at Repo Level.
This is the Inherited(by default) for every new branch you create. So you will have the value as Not set for every new branch you create with-in that Repo.
Your requirement will not be implemented directly since all the securities for a branch are by default inherited from the repo level.
The answer for your question
At repo level Set the Force Push - > Allow
This will be default inherited to all branches under your repo.
Change this Setting to Deny for the master, Develop, QA so far (which you need to administrate/secure)
BE CAREFUL ON THIS PERMISSION SINCE YOU ARE SETTING THIS TO ALLOW AT REPO LEVEL IS VERY DANGEROUS
![azure devops中文顯示亂碼_Azure Devops-無法擷取部署狀态[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)