While using source control, how can I have different permissions for groups of users for different parts of the source code?

Question

I have a problem about applying source control. I tried lots of things but I cannot figure it out. While using source control, I want to be able to have different permissions for groups of users for different parts of the source code.

We used to have one big repository containing the entire (Visual Studio) solution and all projects. But this time we need to be able to manage the permissions for different parts of the source code (per projects). This is important for protecting some parts of the intellectual property.

To provide a little illustration of the context:

• We develop code (mostly C# and C++) in Visual Studio (VS). We use Azure-DevOps in combination with git repositories.
• I have a (VS) solution that consists of many (20+) projects (project1, project2, ...).
• Most of these projects do not really run on their own (or it doesn't make sense to do it).
• You could consider these project e.g. libraries, (optional) modules/plugins.
• Each project requires different specific domain knowledge to develop.
• For certain tests, we need to have all the code in one big solution available so we can debug and set break points e.g.

What did I try:

Lots of things, but the closest to a working solution was:

• I created a separate repositories for each project. Then I can indeed manage the permissions per user very well.
• I created a repository for the solution, let's call this repository the CombinedRepo.
• Added the projects as git-submodules to CombinedRepo.

This set-up works when pulling the CombinedRepo incl. the submodules using VS. I can test, debug and make changed etc.

However, I have the following issues with this set-up:

• When we work in CombinedRepo and changed code of one of the submodules, and want to commit these changes, we get this error: fatal: unexpected sequence in commit output. (This is when using VS to commit).
• The other way around does also not work: If changes have been made in a submodule's own repo, I cannot pull these changes to our CombinedRepo (when using VS).

Answer 1

Visual Studio sees changes made in submodule folders, but fails to commit them.

To workaround it, go to Team Explorer - Manage Connections - Local Git Repositories - Add, browse to submodule folder and confirm with Add. Double click on the local repository created to open it.

Now You can commit changes and push them to the remote origin like You would do just in original submodule repository.

Than open again Your local repository containing the submodule folder, go to changes and commit them to include changed submodule state in main module.

Here are some feature request links, you could follow them to get the latest news.

• Full Git submodule support

• Allow multiple Git repositories to be active at once

In addition, If you only want to restrict users or team members from submitting code, we could set branch policy and disable the branch permission Bypass policies when pushing. Then all users need to create pull request to push the commit, and you could check the commit and approve the Pull Request.

Update

I want to be able to have different permissions for groups of users for different parts of the source code.

Thanks for Stefan sharing.

If we are using TFVC repo, we could configure the folder/file permission for groups of users. Check the pic below.