RE: Recommendation for path-based authorisation auditing tool?

Hi David,

I hate to sound like I'm stating the bleeding obvious, but what about just looking at the authz file with a text editor?

It's not hard to interpret if your usernames are sensible. I've recently spent a little while making sure the projects are sorted in a sensible order, so finding particular projects is quite easy (apart from just using the built-in search functions).

Having said that, we use a home-grown tool (written by a long-gone colleague in C# and backed by an SQL database for administration items) for some network administration tasks. Mostly, this is useful as a lazy way of adding or deleting projects. I still use the text editor for modifying user permissions (because it's faster and easier).

Regards,

Geoff

        From: David Aldrich
        Sent: Friday, 27 September 2013 1:08 AM

        Hi Mark

          Thanks, that's a very helpful suggestion.

        Best regards

        David

        From: Mark Phippard
        Sent: 26 September 2013 16:06

        On Thu, Sep 26, 2013 at 11:02 AM, David Aldrich wrote:

                Hi Mark

                Thanks for replying. By auditing, I mean the ability to easily see who has access to a specified folder. I think we already have the recording of changes covered. svnauthz_accessof looks interesting, but it reports whether a specified user has access. I would prefer to ask 'who has access?' to a specified folder.

        OK. I am not aware of any tools commercial or otherwise that provide the information that way. If you use groups and have a finite number of them, it seems like it would be a fairly simple script to check each group against the path using the command line tool and report which ones have access.

        --
        Thanks
        
        Mark Phippard
        http://markphip.blogspot.com/

-- 
Apologies for the auto-generated legal boilerplate added by our IT department:
- The contents of this email, and any attachments, are strictly private
and confidential.
- It may contain legally privileged or sensitive information and is intended
solely for the individual or entity to which it is addressed.
- Only the intended recipient may review, reproduce, retransmit, disclose,
disseminate or otherwise use or take action in reliance upon the information
contained in this email and any attachments, with the permission of
Australian Arrow Pty. Ltd.
- If you have received this communication in error, please reply to the sender
immediately and promptly delete the email and attachments, together with
any copies, from all computers.
- It is your responsibility to scan this communication and any attached files
for computer viruses and other defects and we recommend that it be
subjected to your virus checking procedures prior to use.
- Australian Arrow Pty. Ltd. does not accept liability for any loss or damage
of any nature, howsoever caused, which may result
directly or indirectly from this communication or any attached files.