Service Account Exceptions for MRAPs - Allow Deletion of Non-Main Protected Branches
Proposal
The Problem
The "Policy Exception settings" for service accounts only bypass some policy rules, not all of them. Specifically, the service account exception successfully bypasses the "direct commit" restriction. However, it cannot bypass the "prevent deletion of protected branches" rule. This blocks legitimate use cases where automated deletion of non-main protected branches is required.
Use Case
Organizations manage centrally-defined policies that enforce branch protection rules across projects. There is a need to allow service accounts to execute automated GitOps workflows that require deleting certain protected branches (e.g., "integration" or "develop" branches), while maintaining strict protections for regular developers (they should not be able to delete protected branches).
Proposed solution
Expand the "Policy Exception settings" to allow service accounts to bypass ALL policy rules, including the protected branch deletion restriction—or make it clear which specific rules can be bypassed and add granular controls.
@g.hickman would love your thoughts on this feature request which came from one of my Ultimate customers who recently started leveraging the service account exceptions feature for MRAPs.