[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: granting partial read access

From: Bob Archer <Bob.Archer_at_amsi.com>
Date: Wed, 29 Jun 2011 14:15:39 -0400

> Given the following structure:
>
> /customerA/projA/
> /customerA/projB/
> /customerA/projC/
> ...
> /customerB/projX/
> /customerB/projY/
> ...
>
> Is there an easy way to grant someone rw-access to /customerA/projB
> *only*, that is without something like the following in authz?
>
> [/]
> theguy = r
> @mydevs = rw
>
> [/customerA/projA]
> theguy =
>
> [/customerA/projB]
> theguy = rw
>
> [/customerA/projC]
> theguy =
>
> [/customerB]
> theguy =
>
> The tree is a bit deper in reality and has more projects and I
> don't
> want to clutter authz with lots of "no rights for theguy" entries,
> apart
> from that being inherently insecure since projD might appear pretty
> soon
> and unnoticed by me.
>
> To rephrase my question: Is there an easy way to grant somebody
> access
> to just one explicit subtree deep within the repository? It should
> not
> be possible to view any other part of the repository.
>
> Thanks,
>

Yes, and I expect you are even putting to much in there. Assuming theguy isn't in any other group I think you could do:

[/]
@mydevs = rw

[/customerA/projA]

[/customerA/projB]
theguy = rw

[/customerA/projC]

[/customerB]

I think that is sufficient. But, yea, as was said, it is easy enough to try.

BOb
Received on 2011-06-29 20:16:21 CEST

This is an archived mail posted to the Subversion Users mailing list.