> Given the following structure:
>
> /customerA/projA/
> /customerA/projB/
> /customerA/projC/
> ...
> /customerB/projX/
> /customerB/projY/
> ...
>
> Is there an easy way to grant someone rw-access to /customerA/projB
> *only*, that is without something like the following in authz?
>
> [/]
> theguy = r
> @mydevs = rw
>
> [/customerA/projA]
> theguy =
>
> [/customerA/projB]
> theguy = rw
>
> [/customerA/projC]
> theguy =
>
> [/customerB]
> theguy =
>
> The tree is a bit deper in reality and has more projects and I
> don't
> want to clutter authz with lots of "no rights for theguy" entries,
> apart
> from that being inherently insecure since projD might appear pretty
> soon
> and unnoticed by me.
>
> To rephrase my question: Is there an easy way to grant somebody
> access
> to just one explicit subtree deep within the repository? It should
> not
> be possible to view any other part of the repository.
>
> Thanks,
>
Yes, and I expect you are even putting to much in there. Assuming theguy isn't in any other group I think you could do:
[/]
@mydevs = rw
[/customerA/projA]
[/customerA/projB]
theguy = rw
[/customerA/projC]
[/customerB]
I think that is sufficient. But, yea, as was said, it is easy enough to try.
BOb
Received on 2011-06-29 20:16:21 CEST