We will see how simple Access Control can be with Gitolite. First, here's an example where the junior developers (let's call them Alice and Bob here) should be prevented from rewinding or deleting any branches, while the senior developers (Carol and David) are allowed to do so:
Tip
We will see this in more detail in later chapters, but Gitolite uses a plain text file to specify the configuration, and these access rules are placed in that file.
repo foo RW = alice bob RW+ = carol david
You probably guessed that the RW stands for read and write. The + in the second rule stands for force, just as it does in the push command, and allows you to rewind or delete a branch.
Now, suppose we want the junior developers to have some specific set of branches that they should be allowed to rewind or delete, a sort of "sandbox", if you will. The following command will help you to implement that:
RW+ sandbox/ = alice bob
Alice and Bob can now push, rewind, or delete any branches whose names start with sandbox/.
Access Control at the repository level is even easier, and you may even have guessed what that looks like:
repo foo RW+ = alice R = bob repo bar RW+ = bob R = alice repo baz RW+ = carol R = alice bob
As you can see, you have three users with different access permissions for each of the three repositories. Doing this using the file systems' permissions mechanisms or POSIX ACLs would be doable, but quite cumbersome to set up and to audit/review.