Hi, what policy do I need to set to give permissions for setting branch protection rules? I couldn’t find one that matches exactly the description, so I guess it must be covered by some other more general one. The user has permissions to see Actions, Settings>General and Settings>Retention, but does not have permission for Settings>Branches.

The

RepoManagementFullAccess

policy holds

branches:*

that should enable you to manage branch protection rules.

@Barak Amar I opened issue #5513 to track this - currently

branches:*

permissions are not documented.

Thanks 🙏 Would that have other “side” permissions? I’m wondering if it is too loose. Would this be a correct statement to restrict it to a specific repo?

{
  "action": [
    "branches:*"
  ],
  "effect": "allow",
  "resource": "arn:lakefs:fs:::repository/<repository-name>"
}

Thanks @Oz Katz

It works! Thank a lot 🙏