- Gitolite Essentials
- Sitaram Chamarty
- 2021-07-16 12:10:04
Access Control example with Gitolite
We will see how simple Access Control can be with Gitolite. First, here's an example where the junior developers (let's call them Alice and Bob here) should be prevented from rewinding or deleting any branches, while the senior developers (Carol and David) are allowed to do so:
    repo foo
        RW  = alice bob
        RW+ = carol david
You probably guessed that the RW stands for read and write. The + in the second rule stands for force, just as it does in the push command, and allows you to rewind or delete a branch.
Now, suppose we want the junior developers to have some specific set of branches that they should be allowed to rewind or delete, a sort of "sandbox", if you will. The following rule implements that:
        RW+ sandbox/ = alice bob
Alice and Bob can now push, rewind, or delete any branches whose names start with sandbox/.
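The following Python model evaluates the three rules above for repo foo against individual pushes, so the effect of RW, RW+ and the sandbox/ prefix can be checked per user and branch. It is an added example, not code from the book or from Gitolite; the function names, the rule-tuple layout and the simplified matching (a rule without a branch pattern covers every ref, a bare pattern is prefixed with refs/heads/ and anchored at the start, no groups or other rule types) are assumptions of this example.

```python
import re

# Constructed rule list for "repo foo": the page's first example plus its
# sandbox rule. Each entry is (permission, branch pattern, users); an empty
# pattern stands for a rule written without one, which covers every ref.
FOO_RULES = [
    ("RW",  "",         {"alice", "bob"}),
    ("RW+", "",         {"carol", "david"}),
    ("RW+", "sandbox/", {"alice", "bob"}),
]

# A plain fast-forward push needs W; rewinding or deleting a branch needs +.
NEEDED = {"fast-forward": "W", "rewind": "+", "delete": "+"}

def pattern_to_regex(pattern):
    """Turn a rule's branch pattern into a regex anchored at the start of the ref."""
    if not pattern:
        return re.compile(r"^refs/.*")
    if not pattern.startswith("refs/"):
        pattern = "refs/heads/" + pattern   # bare patterns name branches
    return re.compile("^" + pattern)

def allowed(rules, user, ref, kind):
    """True if a rule listing this user matches the ref and grants the access."""
    need = NEEDED[kind]
    for perm, pattern, users in rules:
        if user not in users:
            continue
        if not pattern_to_regex(pattern).match(ref):
            continue
        if need in perm:
            return True
    return False   # nothing granted the access, so the push is refused

def audit(rules, users, refs):
    """List every (user, ref, kind) combination the rules allow, for review."""
    return [(u, r, k) for u in sorted(users) for r in refs for k in NEEDED
            if allowed(rules, u, r, k)]

if __name__ == "__main__":
    for row in audit(FOO_RULES, {"alice", "carol"},
                     ["refs/heads/master", "refs/heads/sandbox/tmp"]):
        print(row)
```

Note that a branch named sandbox-old does not fall under the sandbox/ rule, because the pattern includes the trailing slash.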
Access Control at the repository level is even easier, and you may even have guessed what that looks like:
    repo foo
        RW+ = alice
        R   = bob

    repo bar
        RW+ = bob
        R   = alice

    repo baz
        RW+ = carol
        R   = alice bob
As you can see, you have three users with different access permissions for each of the three repositories. Doing this using the file system's permission mechanisms or POSIX ACLs would be doable, but quite cumbersome to set up and to audit/review.