Protected branches ensure that collaborators on a repository cannot make irrevocable changes to branches. Required status checks ensure that all required CI tests are passing before collaborators can make changes to a protected branch. Branches within repositories that belong to organizations can be configured so that only certain users or teams can push to the branch.

Protected branches block several features of Git on a branch that a repository administrator chooses to protect. A protected branch:

Organization owners and users with admin permissions for a repository are always able to push to a protected branch. If you enable branch restrictions, only people or teams that have been given permission can push to a protected branch. For more information, see "Configuring protected branches and required status checks."

Restricted branch permissions.

Note: If the "Include administrators" option is checked with required status checks enabled on the branch and they fail, any attempt to push changes to the base branch will also fail, regardless of a user or team's permission status.