How do I set up tags for trunks and branches?

This article covers the full range of trunk and branch permissions possible. It is intended to complement the article here which explains high level concepts and processes around branching: in practice it is typical that there needs to be greater control around the branching workflow than that implied by that article and the article below explains how to set the permissions to match your particular requirements.

Quick set up

Here are two quick basic set ups, both of which allow the user to change the content of the branch; one to allow the user to push changes back to the trunk, and one where they cannot.

Push back possible

Tag the trunk with : -

edit:role 

and tag the branch with

edit:role

Push back not possible 

Tag the trunk with : -

branch:role
view:role

and tag the branch with

edit:role 

Detail

The branch tag applied to the trunk gives permission to perform branch actions on a node.  By tagging the trunk with:

branch:role

you are saying that that role has the ability to work in a branch on that dataset, however, in addition, access to these branches has to be given explicitly.

The full set of possible combinations is shown here : -

mceclip2.png

To use this chart, determine what access you want the user to have to both the trunk and the branch (top row for the trunk and left column for the branch), then read off from the intersection what tags to apply to the trunk and the branch.

For example, if you want the user to be able to update the branch, but not see the trunk, select 'Hidden' in the top row and 'Update' in the left column. The tags to apply are therefore : -

Trunk tag : -

branch:role

Branch tag, any one of 

view:role

or

update:role

or

edit:role

 

Branch: syntax and meaning

In terms of a general approach to branching, if a dataset is tagged

branch:role

then the nodes inside any branches derived from the trunk can be edited (including delete) by any individual who is assigned 'role' in the Users dataset.

As a simplified case study, consider the hrbp role in the tags below:

The branch: tag is important on the Trunk in addition to the view: tag.

In the image above, the "update" tag is needed to extend permissions on the Trunk to the Branch.

Commentary

Note that the user must also be given explicit permission to view the branch over and above the trunk, otherwise they will not be able to see it on their screen.

Although it is implied that the branch: tag could also be thought of as meaning "able to edit in branch" only loosely can we say this as:

  • branch: on a trunk does not give access to branches without view
  • the ability to change the name of the branch comes from edit: on the branch
  • properties belong to the trunk, no matter the permissions on the branch
  • the ability to push back is defined by the permissions on the trunk i.e. view: on trunk will not give push

Note that it is not possible to provide differing permissions to branches associated with the same trunk. To put that another way, it is not possible to set tagging up so that User A can update Branch A but only view Branch B. 

 

Have more questions? Submit a request

Comments