How to Implement Branch Protection Rules
Diagram of implementing branch protection: set required status checks, enable PR reviews and approvals, restrict who can push, enforce linear history, protect main and dev branches
How to Implement Branch Protection Rules
Modern software development teams face constant pressure to deliver features quickly while maintaining code quality and system stability. Without proper safeguards, a single problematic commit can cascade into production issues, costing organizations time, money, and reputation. Branch protection rules serve as essential guardrails that prevent such scenarios, ensuring that every code change meets established quality standards before integration.
Branch protection rules are configuration settings applied to specific branches in version control systems that enforce workflows, require approvals, and mandate automated checks before code can be merged. These rules transform your repository from an open playground into a structured environment where quality gates ensure consistency. By examining implementation strategies across different platforms, team structures, and project requirements, we can understand how to tailor these protections to your specific needs.
Throughout this comprehensive guide, you'll discover practical implementation strategies for major version control platforms, learn how to configure rules that balance security with developer productivity, and explore advanced patterns that sophisticated teams use to maintain code quality. Whether you're managing a small team or coordinating across multiple departments, you'll find actionable insights for establishing branch protection rules that enhance rather than hinder your development workflow.
Understanding the Foundation of Branch Protection
Branch protection rules operate at the intersection of access control, automated validation, and collaborative workflow management. These mechanisms prevent direct pushes to protected branches, requiring instead that changes flow through pull requests or merge requests where they can be reviewed, tested, and validated. The fundamental principle is simple: critical branches should never receive untested or unreviewed code.
Different version control platforms implement branch protection with varying capabilities and terminology. GitHub offers branch protection rules with options for required reviews, status checks, and signed commits. GitLab provides protected branches with configurable push and merge permissions. Bitbucket implements branch permissions with merge checks and required builds. Despite these platform differences, the underlying concepts remain consistent across systems.
The power of branch protection extends beyond simple access control. When properly configured, these rules create a framework that enforces your team's development standards automatically. They eliminate the need for manual enforcement of policies, reducing the cognitive load on team leads and ensuring consistent application of quality standards regardless of time pressure or project urgency.
"The moment we implemented mandatory code reviews through branch protection, our production incident rate dropped by sixty percent within the first quarter."
Core Components of Effective Branch Protection
Successful branch protection strategies incorporate multiple layers of validation working in concert. Required pull requests ensure that no one, regardless of permissions, can bypass the review process. Status checks integrate with continuous integration systems to verify that automated tests pass before merging. Code owner reviews guarantee that domain experts approve changes to critical system components. Conversation resolution requirements prevent merging while open questions remain unaddressed.
Each protection layer addresses specific risk categories. Required reviews catch logical errors, design issues, and knowledge gaps that automated systems cannot detect. Status checks verify functional correctness through automated testing. Signed commits provide cryptographic proof of authorship, preventing impersonation. Restricting who can push to protected branches limits the blast radius of credential compromise or insider threats.
| Protection Type | Primary Purpose | Risk Mitigated | Implementation Complexity |
|---|---|---|---|
| Required Reviews | Human validation of code changes | Logic errors, security vulnerabilities | Low |
| Status Checks | Automated testing validation | Functional regressions, build failures | Medium |
| Branch Restrictions | Access control | Unauthorized changes, accidents | Low |
| Signed Commits | Authorship verification | Impersonation, tampering | Medium |
| Force Push Prevention | History preservation | Data loss, audit trail destruction | Low |
Implementing Branch Protection on GitHub
GitHub provides comprehensive branch protection capabilities through repository settings, accessible to users with admin permissions. The implementation process begins by navigating to the repository settings, selecting "Branches" from the sidebar, and adding a branch protection rule. GitHub uses pattern matching, allowing you to protect multiple branches with a single rule using wildcards.
For a typical main branch protection setup, start by creating a rule for the main branch. Enable "Require a pull request before merging" to prevent direct pushes. Within this option, specify the minimum number of required approving reviews—most teams find that requiring at least one review balances thoroughness with velocity. Consider enabling "Dismiss stale pull request approvals when new commits are pushed" to ensure reviewers see the final code version.
Configuring Status Checks on GitHub
Status checks integration represents one of the most powerful aspects of GitHub branch protection. After enabling "Require status checks to pass before merging," you'll see a list of available checks based on your CI/CD integrations. Select which checks must pass before merging—typically including unit tests, integration tests, linting, and security scans. The "Require branches to be up to date before merging" option ensures that code is tested against the latest main branch state, preventing integration issues.
GitHub allows you to specify whether status checks are required or optional. Required checks block merging until they pass, while optional checks provide information without enforcement. For critical systems, make all quality gates required. For less critical projects or during initial implementation phases, consider starting with optional checks and gradually transitioning to required status as teams adapt to the workflow.
- 🔒 Require pull request reviews - Ensures human oversight of all changes
- ✅ Require status checks - Validates automated test passage
- 🔄 Require branches to be up to date - Prevents integration conflicts
- 🚫 Restrict who can push - Limits direct push access to specific users or teams
- ✍️ Require signed commits - Verifies commit authenticity cryptographically
"Requiring status checks to pass before merging eliminated an entire category of bugs that previously made it to production despite code review."
Advanced GitHub Protection Patterns
Sophisticated teams leverage additional GitHub protection features for enhanced security and workflow control. The "Require conversation resolution before merging" option prevents merging pull requests with unresolved review comments, ensuring that all feedback is addressed. "Require linear history" enforces a clean commit history by preventing merge commits, though this requires teams to use rebase workflows.
For organizations with compliance requirements, enable "Include administrators" to apply branch protection rules even to repository administrators. This creates true enforcement of quality standards regardless of role. However, recognize that this can create operational challenges during emergencies—establish clear procedures for temporarily disabling protections when necessary, with appropriate logging and approval processes.
GitHub's CODEOWNERS file integration with branch protection creates powerful domain-specific review requirements. By placing a CODEOWNERS file in your repository root, you can specify which teams or individuals must approve changes to specific paths. When combined with "Require review from Code Owners," this ensures that database schema changes are reviewed by database experts, security-sensitive code receives security team approval, and infrastructure changes get infrastructure team oversight.
Implementing Branch Protection on GitLab
GitLab's approach to branch protection emphasizes flexibility and integration with its comprehensive DevOps platform. Protected branches in GitLab combine access control with merge request requirements, creating a cohesive workflow that spans from development through deployment. Access the branch protection settings through your project's Settings menu under Repository, then expand the "Protected branches" section.
GitLab offers granular control over both push and merge permissions. You can specify which roles can push to protected branches, with options including "No one," specific users, roles like Maintainer or Developer, or everyone. Similarly, merge permissions can be restricted to specific roles or users. A common configuration allows no direct pushes while permitting Maintainers to merge after approval, creating a clear separation between development and integration responsibilities.
Merge Request Approval Rules in GitLab
GitLab's approval rules system provides sophisticated control over merge request requirements. Navigate to Settings > General > Merge request approvals to configure project-level approval rules. You can require a minimum number of approvals, specify eligible approvers, and create rules that apply to all merge requests or only those targeting specific branches.
The approval rule configuration supports complex scenarios through multiple rule creation. For example, you might require one approval from any developer for routine changes, but require additional approvals from security team members for changes affecting authentication or authorization code. GitLab's code owner approval rules automatically require approval from designated code owners based on file paths, similar to GitHub's CODEOWNERS functionality.
| Protection Level | Push Access | Merge Access | Typical Use Case |
|---|---|---|---|
| No Protection | All members | All members | Feature branches, personal branches |
| Protected | Maintainers only | Developers + Maintainers | Release branches, staging branches |
| Highly Protected | No one | Maintainers only | Main/master branch, production branch |
| Custom Protected | Specific users/groups | Specific users/groups | Infrastructure branches, deployment branches |
Pipeline Integration with GitLab Branch Protection
GitLab's tight integration between branch protection and CI/CD pipelines enables powerful quality gates. In your merge request settings, enable "Pipelines must succeed" to prevent merging when pipeline jobs fail. This ensures that all automated tests, security scans, and build processes complete successfully before code reaches protected branches.
Merge request pipelines run specifically for merge requests, testing the result of merging the source branch into the target branch. This catches integration issues that might not appear when testing branches in isolation. Configure these pipelines in your .gitlab-ci.yml file using the merge_request_event trigger, and ensure your branch protection requires their success.
"GitLab's approval rules let us implement a security review requirement without slowing down regular development work—only changes touching security-sensitive paths require the additional approval."
Wildcard Branch Protection in GitLab
GitLab supports wildcard patterns for protecting multiple branches with a single rule, particularly useful for managing release branches or environment-specific branches. Use asterisk wildcards to match multiple branches: release/* protects all release branches, production-* protects all production deployment branches, and stable-* protects stable version branches.
When using wildcards, carefully consider the order of protection rules, as GitLab applies the first matching rule. More specific patterns should appear before general patterns to ensure correct application. For instance, place a rule for release/1.0 before a rule for release/* if the specific release requires different protection settings.
Implementing Branch Protection on Bitbucket
Bitbucket's branch permission system provides repository administrators with flexible controls over branch access and merge requirements. Access branch permissions through Repository settings > Branch permissions, where you can create rules that apply to specific branches or branch patterns. Bitbucket's interface emphasizes visual clarity, making it straightforward to understand which protections apply to which branches.
Creating a branch permission in Bitbucket starts with specifying the branch pattern—either a specific branch name like main or a wildcard pattern like release/**. After defining the pattern, configure the permission type: prevent deletion, prevent rewriting history, restrict pushes, or restrict merges. Each permission type addresses specific protection needs, and multiple permissions can be combined on a single branch.
Merge Checks in Bitbucket
Bitbucket's merge checks system enforces quality standards before pull requests can be merged. Navigate to Repository settings > Merge checks to configure these requirements. Available checks include minimum approvals, successful builds, default reviewer approval, and all tasks resolved. Each merge check creates a gate that must be satisfied before the merge button becomes active.
The minimum approvals setting specifies how many reviewers must approve before merging. Bitbucket allows you to require anywhere from one to ten approvals, with most teams finding that one or two approvals provide adequate oversight without creating bottlenecks. Enable "Reset approvals when the source branch changes" to ensure that approvals reflect the current state of the code rather than earlier versions.
- 👥 Minimum approvals - Requires specified number of reviewer approvals
- 🏗️ Successful builds - Ensures CI/CD pipeline success before merging
- 👀 Default reviewers - Requires approval from designated reviewers
- ✔️ All tasks resolved - Prevents merging with open review tasks
- 🔄 No merge commits - Enforces rebase or squash merge strategies
Integrating Bitbucket Pipelines with Branch Protection
Bitbucket Pipelines integration with branch protection ensures that automated validation completes successfully before code reaches protected branches. Enable the "Check for successful builds" merge check to prevent merging pull requests with failing pipelines. This check verifies that all required pipeline steps complete successfully, including tests, security scans, and build processes.
Configure your bitbucket-pipelines.yml file to define which pipeline steps are required for pull requests. Use the pull-requests section to specify validation steps that run when pull requests are created or updated. Bitbucket automatically integrates these pipeline results with merge checks, blocking merges when pipelines fail and allowing merges when all steps succeed.
"Bitbucket's branch permission system gave us exactly the granularity we needed—preventing force pushes while still allowing our release managers to merge approved changes."
Default Reviewers and Code Owners
Bitbucket's default reviewers feature automatically adds specified users or groups as reviewers on pull requests targeting protected branches. Configure default reviewers in Repository settings > Default reviewers, specifying which users should review changes to specific paths. This ensures that domain experts see relevant changes without requiring manual reviewer assignment.
When combined with the "Require default reviewer approval" merge check, default reviewers become mandatory approvers rather than optional participants. This creates a code ownership system where specific individuals or teams must approve changes to their areas of responsibility. For example, configure database experts as default reviewers for migrations/** paths, ensuring they approve all schema changes.
Designing Branch Protection Strategies for Different Team Structures
Effective branch protection rules must align with your team's structure, size, and workflow patterns. Small teams with high trust and frequent communication can often operate with lighter protection rules, while larger distributed teams benefit from more comprehensive enforcement. The key is finding the balance between protection and productivity that suits your specific context.
Branch Protection for Small Teams
Small teams of fewer than ten developers typically know each other well and communicate frequently. For these teams, branch protection should focus on preventing accidents rather than enforcing rigid processes. A minimal effective configuration includes requiring pull requests for the main branch, requiring at least one approval, and requiring CI pipelines to pass. This prevents direct pushes while maintaining development velocity.
Avoid over-engineering branch protection for small teams. Excessive rules create friction without proportional benefit when team members already maintain high visibility into each other's work. Focus protection efforts on the main branch and production branches, leaving feature branches unprotected to allow flexible experimentation and rapid iteration.
Branch Protection for Medium Teams
Medium teams of ten to fifty developers require more structure as direct communication becomes less reliable. Implement required reviews with at least two approvals for critical branches, ensuring that multiple perspectives examine each change. Add code owner requirements for specialized areas like security, infrastructure, or data models, guaranteeing expert review of sensitive changes.
Medium teams benefit from branch protection patterns that reflect component ownership. Create protection rules that require approval from specific teams based on file paths—frontend team approval for UI changes, backend team approval for API changes, and data team approval for database modifications. This distributes review responsibility while ensuring appropriate expertise reviews each change.
Branch Protection for Large Organizations
Large organizations with more than fifty developers need comprehensive branch protection that scales across multiple teams and repositories. Establish organization-wide baseline requirements that all repositories must meet, then allow individual teams to add stricter requirements as needed. Common baseline requirements include mandatory pull requests, at least one approval, passing CI checks, and signed commits.
Large organizations should leverage branch protection to enforce compliance and security requirements consistently. Require security team approval for changes affecting authentication, authorization, or data handling. Mandate infrastructure team approval for deployment configuration changes. Use required status checks to integrate security scanning, license compliance checking, and other automated governance tools.
"Scaling our branch protection strategy across forty teams required us to establish sensible defaults while allowing teams to strengthen protections for their specific needs."
Advanced Branch Protection Patterns
Beyond basic protection configurations, sophisticated teams implement advanced patterns that address complex workflow requirements. These patterns combine multiple protection mechanisms to create comprehensive quality gates while maintaining developer productivity.
Tiered Protection Strategy
A tiered protection strategy applies different protection levels to different branch types based on their criticality. Production branches receive the strongest protection with multiple required approvals, comprehensive status checks, and restricted merge access. Staging branches receive moderate protection with single approval and essential status checks. Development branches receive minimal protection, allowing rapid iteration while still preventing destructive operations.
Implement tiered protection using branch naming conventions and wildcard protection rules. Protect production and prod-* branches with maximum restrictions. Protect staging and stage-* branches with moderate restrictions. Protect main or develop branches with baseline restrictions. Leave feature branches unprotected or with minimal restrictions to preserve development flexibility.
Time-Based Protection Adjustments
Some teams adjust branch protection rules based on development phase or time periods. During active development sprints, lighter protection rules allow rapid iteration. During code freeze periods before releases, stricter protection rules prevent destabilizing changes. While version control systems don't natively support time-based rules, teams can implement this pattern through automation scripts that modify protection settings based on schedule or release phase.
Consider implementing emergency bypass procedures for critical production issues. Define clear criteria for when protections can be temporarily relaxed, establish approval processes for bypass requests, and implement comprehensive logging of protection modifications. After emergencies resolve, immediately restore full protection and conduct retrospectives to understand why the bypass was necessary.
Progressive Protection Rollout
Introducing comprehensive branch protection to existing projects requires careful change management. Start with minimal protection—preventing force pushes and requiring pull requests—then gradually add requirements over weeks or months. This progressive approach allows teams to adapt workflows, fix CI/CD reliability issues, and build review capacity without overwhelming developers with sudden process changes.
Monitor metrics during protection rollout to understand impact and adjust accordingly. Track pull request cycle time, review response time, and merge frequency. If metrics deteriorate significantly, investigate whether protection rules are too strict, whether CI/CD infrastructure needs improvement, or whether teams need additional training on new workflows.
Common Pitfalls and How to Avoid Them
Branch protection implementation frequently encounters predictable challenges that can undermine effectiveness or create excessive friction. Understanding these pitfalls helps you design protection strategies that avoid common mistakes.
Over-Protection and Developer Friction
The most common mistake is implementing overly restrictive protection rules that slow development without proportional quality improvement. Requiring three or more approvals, mandating approval from specific individuals who become bottlenecks, or requiring excessive status checks creates frustration and encourages workarounds. Protection rules should enhance quality without making normal development feel like navigating bureaucracy.
Avoid over-protection by starting with minimal rules and adding requirements only when clear quality issues emerge. Regularly review protection rules to identify unnecessary restrictions. Gather feedback from developers about friction points and be willing to adjust rules that create more problems than they solve. Remember that branch protection is a tool for enabling quality, not an end in itself.
Inconsistent Protection Across Repositories
Organizations with multiple repositories often struggle with inconsistent protection configurations, leading to confusion and gaps in quality enforcement. Some repositories have comprehensive protection while others have none, creating uneven quality standards. Developers moving between repositories encounter different workflows, reducing efficiency and increasing error risk.
Address inconsistency by establishing organization-wide baseline protection requirements and providing templates or automation for applying them. Use infrastructure-as-code approaches to define protection rules, storing configurations in a central repository where they can be reviewed and consistently applied. Regularly audit repository protection settings to identify and remediate gaps.
"We discovered that our most critical microservice had no branch protection because it was created before we established organization-wide standards—that audit was a wake-up call."
Unreliable CI/CD Blocking Merges
Requiring status checks to pass before merging becomes counterproductive when CI/CD systems are unreliable. Flaky tests that fail intermittently, infrastructure issues causing pipeline failures, or excessively long pipeline run times create legitimate reasons for developers to circumvent protection rules. Before making status checks required, ensure that your CI/CD infrastructure is stable and that tests are reliable.
Improve CI/CD reliability before enforcing strict status check requirements. Identify and fix flaky tests, optimize pipeline performance to reduce run times, and implement retry logic for infrastructure-related failures. Monitor pipeline success rates and only make checks required when they consistently pass for valid code and consistently fail for invalid code.
Inadequate Emergency Procedures
Production emergencies occasionally require rapid fixes that cannot wait for normal review processes. Without clear emergency procedures, teams either delay critical fixes while following normal processes or bypass protections in ad-hoc ways that create audit and security concerns. Establish documented emergency procedures before emergencies occur.
Define what constitutes an emergency justifying protection bypass, specify who can authorize bypasses, and establish logging requirements for all emergency actions. Consider implementing a "break glass" process where specific individuals can temporarily disable protections with automatic notification to leadership and security teams. Require post-incident reviews for all emergency bypasses to understand root causes and prevent recurrence.
Monitoring and Maintaining Branch Protection Rules
Branch protection rules require ongoing monitoring and maintenance to remain effective as teams, processes, and technologies evolve. Establish regular review cycles to assess whether protection rules continue serving their intended purposes without creating unnecessary friction.
Metrics for Evaluating Protection Effectiveness
Track quantitative metrics that indicate whether branch protection rules are achieving quality goals. Monitor production incident rates to understand whether protection rules reduce defects reaching production. Track pull request cycle time to ensure that review requirements don't create excessive delays. Measure code review participation rates to verify that required reviews receive meaningful attention rather than rubber-stamp approvals.
Complement quantitative metrics with qualitative feedback from developers. Conduct regular surveys or retrospectives asking teams whether protection rules feel appropriate, whether they encounter friction points, and whether they see quality improvements. Developer sentiment provides early warning of protection rules that may need adjustment before they create serious productivity problems.
Adapting Protection Rules as Teams Mature
Teams evolve over time, and branch protection rules should evolve with them. Newly formed teams may need lighter protection rules while they establish workflows and build trust. Mature teams with strong quality cultures may need less enforcement as good practices become habitual. Conversely, teams experiencing quality issues may benefit from temporarily stricter rules until problems are resolved.
Review protection rules quarterly or semi-annually, adjusting based on team maturity, quality metrics, and feedback. Don't treat initial protection configurations as permanent—they're starting points that should be refined through experience. Document the reasoning behind protection rule changes so teams understand why adjustments are made.
Auditing Protection Compliance
Regular audits ensure that all repositories maintain appropriate protection rules and that no gaps exist in quality enforcement. Automated auditing tools can scan organization repositories, identify those lacking required protections, and generate reports for remediation. Many version control platforms provide APIs enabling custom audit scripts tailored to your organization's requirements.
Include branch protection compliance in security and compliance review processes. When onboarding new repositories, include protection configuration as a required setup step. When decommissioning repositories, document their protection settings for future reference. Maintain a central registry of repository protection requirements to facilitate consistent enforcement.
Integrating Branch Protection with Broader Development Practices
Branch protection rules work best when integrated with complementary development practices that reinforce quality and collaboration. Isolated protection rules create compliance checkboxes; integrated protection rules create comprehensive quality systems.
Combining Branch Protection with Trunk-Based Development
Trunk-based development emphasizes frequent integration to a main branch, with feature development occurring in short-lived branches. Branch protection rules support this approach by ensuring that each integration meets quality standards through required reviews and status checks. Configure protection rules to require branches to be up-to-date before merging, preventing integration conflicts and ensuring changes are tested against the latest code.
For trunk-based development, focus protection on the main trunk branch while keeping feature branch protection minimal. This encourages developers to integrate frequently while ensuring that the trunk remains stable. Consider requiring feature flags for incomplete features, allowing code to merge to the trunk while keeping functionality hidden until ready for release.
Branch Protection in GitFlow and Similar Strategies
GitFlow and similar branching strategies use multiple long-lived branches with defined purposes—typically main, develop, and release branches. Apply different protection levels to each branch type based on its role. The main branch receives maximum protection as it represents production code. The develop branch receives moderate protection as it represents the next release. Release branches receive high protection to prevent destabilizing changes during stabilization periods.
Configure protection rules that reflect the flow of changes through your branching strategy. Require that changes to main come only from release branches, not directly from feature branches. Require that release branches merge only from develop. This creates a structured flow where code progresses through increasingly strict quality gates as it approaches production.
Branch Protection and Continuous Deployment
Continuous deployment pipelines automatically release code to production after passing automated checks. In this context, branch protection rules become critical safety mechanisms preventing faulty code from automatically deploying. Configure required status checks that include comprehensive test suites, security scanning, performance testing, and any other validations necessary before production deployment.
For continuous deployment, consider implementing progressive delivery patterns within your branch protection strategy. Require status checks that verify successful deployment to staging environments before allowing merges to production branches. Integrate monitoring and observability checks that verify application health in staging before promoting to production. This creates multiple safety gates between code changes and production impact.
Frequently Asked Questions
How many reviewers should I require for branch protection?
Most teams find that requiring one or two reviewers provides adequate oversight without creating bottlenecks. Start with one required reviewer and increase to two if you're experiencing quality issues or working on critical systems. Requiring more than two reviewers rarely provides proportional benefit and often creates scheduling challenges. Focus on review quality rather than quantity—one thorough review from a knowledgeable reviewer is more valuable than multiple cursory reviews.
Should I apply branch protection to all branches or only main branches?
Apply comprehensive protection to critical branches like main, master, production, and release branches. Apply lighter protection or no protection to feature branches and development branches to preserve development flexibility. Over-protecting feature branches creates friction without proportional benefit since these branches don't directly impact production systems. Use branch naming conventions and wildcard patterns to efficiently protect multiple related branches with similar criticality.
What should I do if branch protection rules are slowing down development too much?
First, identify the specific protection rules causing friction through developer feedback and metrics analysis. Common culprits include excessive required approvals, unreliable CI/CD checks, or overly broad protection applied to low-risk branches. Address root causes—fix flaky tests, optimize pipeline performance, or reduce approval requirements—rather than disabling protection entirely. Consider implementing tiered protection where critical branches have strict rules while less critical branches have lighter requirements.
How do I handle emergency situations that require bypassing branch protection?
Establish documented emergency procedures before emergencies occur. Define what constitutes a legitimate emergency, specify who can authorize protection bypasses, and implement comprehensive logging of all emergency actions. Consider creating an emergency branch that bypasses normal protection but requires immediate post-incident review and remediation. Some platforms allow temporary protection disabling with automatic re-enabling after a specified time period, providing a built-in safeguard against forgotten emergency overrides.
Can I use branch protection rules to enforce code style and formatting standards?
Yes, integrate linting and formatting checks into your CI/CD pipeline and require these status checks to pass before merging. This automates style enforcement without requiring reviewers to focus on formatting issues. Configure automatic formatting tools to run on pre-commit hooks or in CI pipelines, and consider implementing auto-fixing where tools can automatically correct style violations. This allows reviewers to focus on logic, design, and architecture rather than syntax and formatting.
Should administrators be exempt from branch protection rules?
In most cases, administrators should not be exempt from branch protection rules. Applying rules to administrators ensures consistent quality standards regardless of role and prevents accidental bypasses during routine work. However, recognize that administrator exemption may be necessary for emergency situations or initial repository setup. If you do exempt administrators, implement comprehensive logging of their actions and establish clear policies about when exemption privileges should be used.
