Restricting your team’s source control access

A guide to controlling your team's ability to connect to and interact with source control in Gearset

Written by Matt Cree
Updated over a week ago

Access to source control providers can be restricted at the team level to improve security and streamline the experience when using source control in Gearset.

There are two primary scenarios this was designed to mitigate:

  1. Team members connecting to source control providers that are unrelated to their day-to-day job.

  2. Team members being able to deploy to and from their own personal repositories using Gearset.

We will use Bitbucket as an example throughout, but the same thing applies to all source control providers.

Restricting to allowed source control providers

Initially, source control providers are unrestricted in Gearset. This means that:

  • Team members can connect any supported source control provider to their account.

  • Team members can see all repositories they have access to in repository listings, including their personal repositories.

You can configure your team’s source control provider restrictions on the Team Security page under My Account.

The Source control providers section acts as an "allow" list. This means:

  • If the list is empty, all source control providers are unrestricted.

  • If the list contains any source control providers, then only those listed providers can be connected to.

As an example, if your team only needs to access Bitbucket repositories, it's possible to add Bitbucket to your allow list:

With that restriction in place, there are a few effects throughout Gearset:

  • The only visible source control provider on the Source control and services table is Bitbucket.

    • Note: this is a team-wide restriction. Once a restriction is added, team members can only connect to the specified provider, so the options to add other VCS providers are not displayed in Source control and services.

    • Connections set up before the restriction was added will remain, but will show an error.

  • Source control provider selections and drop-downs will only show Bitbucket.

Restricting to only allowed repositories

Ordinarily, all repositories that the team member has access to on the source control provider will be shown in Gearset’s repository listings.

When configuring your allowed source control providers, you can specify a list of allowed repository URL patterns, which will be used to filter the repository listings throughout Gearset. The URL should be the clone URL.

By doing this, you help to solve the problem of personal and unrelated repositories appearing in Gearset’s repository listings.

As an example, for a Bitbucket restriction, I can copy the clone URL from my repository like this and enter it in Gearset.

You can configure this restriction on the Team Security page > Source control providers under My Account.

In the example above, only the "teamworkspace" repository will be listed. All others will be filtered out. You can use full URLs as well as ? and * wildcards. You can have up to 100 URLs or patterns.

Note: other providers use different URL formats, which must be followed for the restriction to be set up correctly. The format is also shown as a tip when you select the respective provider.
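Before entering patterns, it helps to check that they admit the team's repositories and nothing else. The script below is an added example, not Gearset code: it assumes ? matches exactly one character and * matches any run of characters (including "/") against the whole clone URL, which this article does not spell out, and all repository URLs in it are constructed.

```python
import re

MAX_PATTERNS = 100  # limit stated in this article

# Constructed sample clone URLs (not real repositories).
TEAM_REPOS = [
    "https://bitbucket.org/example-team/salesforce-main.git",
    "https://bitbucket.org/example-team/salesforce-packages.git",
]
UNWANTED_REPOS = [
    "https://bitbucket.org/jdoe/personal-scratch.git",
    "https://bitbucket.org/example-team-fork/salesforce-main.git",
]


def pattern_to_regex(pattern):
    # Assumed semantics: '?' = exactly one character, '*' = any run of
    # characters (including '/'); everything else is literal.
    tokens = {"*": ".*", "?": "."}
    return re.compile("".join(tokens.get(c, re.escape(c)) for c in pattern), re.DOTALL)


def audit(patterns, expected, unwanted):
    """Return (missing, leaked) for a proposed allow list.

    missing: expected URLs that no pattern admits (would be filtered out).
    leaked:  unwanted URL -> patterns that admit it (would still be listed).
    """
    if len(patterns) > MAX_PATTERNS:
        raise ValueError(f"{len(patterns)} patterns exceeds the limit of {MAX_PATTERNS}")
    compiled = [(p, pattern_to_regex(p)) for p in patterns]
    missing, leaked = [], {}
    for url in expected:
        if not any(rx.fullmatch(url) for _, rx in compiled):
            missing.append(url)
    for url in unwanted:
        hits = [p for p, rx in compiled if rx.fullmatch(url)]
        if hits:
            leaked[url] = hits
    return missing, leaked


if __name__ == "__main__":
    for candidate in (
        ["https://bitbucket.org/*"],               # admits every workspace
        ["https://bitbucket.org/example-team*"],   # no '/' before '*': admits lookalikes
        ["https://bitbucket.org/example-team/*"],  # scoped to one workspace
    ):
        print(candidate, audit(candidate, TEAM_REPOS, UNWANTED_REPOS))
```

An empty "missing" list and an empty "leaked" mapping mean the proposed patterns list exactly the repositories intended, under the matching rules assumed above.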
