On 16.01.2015 13:55, Tom Ghyselinck wrote:
> Hi Brane,
>
> Thank you for the quick reply!
>
> Our point is that we would like to define groups as
> <service>-<access>-<group>
>
>
> I.e., for our Subversion service:
> vcs-r-some_group
> defines that "some_group" has "read" access for the subversion
> repository.
>
> - Some repositories allow read access to a select number of users.
> - Other repositories allow read access to all "authenticated
> users" (i.e. $authenticated).
>
> If we could add "$authenticated" to the "vcs-r-some_group",
> then this can be controlled by a single group while now, we need to add
> both.

Or you could just keep your group definitions up to date when you give
new users access to the repository. From the point of view of security,
this is actually the better option because it avoids mistakes. I.e.,
it's easier to see that you forgot to give someone access (they'll
report that) than that you unintentionally gave someone access (you have
to keep checking logs for that).
-- Brane
Received on 2015-01-16 14:15:20 CET
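
The trade-off discussed in this thread can be checked mechanically. The following is an added example, not code from the thread or from the Subversion project: it reads an authz file and separates grants made to named users (directly or through a group) from grants made to the broad tokens `*`, `$authenticated` and `$anonymous`, so the broad ones can be reviewed. The sample file, the repository names and the function name `audit_authz` are constructed for illustration; nested groups, aliases and `~` negation are not handled.

```python
import configparser

# Constructed sample authz file (not from the thread), using the
# <service>-<access>-<group> naming described above for the group.
SAMPLE_AUTHZ = """\
[groups]
vcs-r-some_group = alice, bob

[restricted:/]
@vcs-r-some_group = r

[shared:/]
@vcs-r-some_group = r
$authenticated = r

[public:/]
* = r
$anonymous =
"""

# Tokens that match users who are not named in any group definition.
BROAD = {"*", "$authenticated", "$anonymous"}


def audit_authz(text):
    """Return (explicit, broad): path section -> list of (who, access)."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep the case of user and group names
    cp.read_string(text)
    groups = {}
    if cp.has_section("groups"):
        for name, members in cp.items("groups"):
            groups[name] = [m.strip() for m in members.split(",") if m.strip()]
    explicit, broad = {}, {}
    for section in cp.sections():
        if section in ("groups", "aliases"):
            continue
        for principal, access in cp.items(section):
            access = access.strip()
            if not access:
                continue  # an empty value grants no access
            if principal in BROAD:
                broad.setdefault(section, []).append((principal, access))
            elif principal.startswith("@"):
                for user in groups.get(principal[1:], []):
                    explicit.setdefault(section, []).append((user, access))
            else:
                explicit.setdefault(section, []).append((principal, access))
    return explicit, broad
```

Every path listed in `broad` is one where access does not depend on the group definitions being kept up to date.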