Ben Collins-Sussman <email@example.com> writes:
> > What if I want to restrict write access to a particular branch (say,
> > if I only want to allow the release engineering group to write to a
> > release branch)?
> Then you recursively add ACLs to each node in the branch; remember
> that a branch appears to be just another subdir in the filesystem.
There should be ACLs which apply recursively automatically -- that is,
to have read access to A/B/foo.c, you must not be fully blocked from
reading A and things below A. Such a block would be a property on A
only, no need to have it on A _and_ all A's children. (The filesystem
has to follow the path anyway, so it might as well check such
restrictions as it goes.)
> > What if I want to restrict read access to old versions of some files
> > due to licensing issues which have since been corrected?
> Oooh, that's an interesting use case.
> Maybe we need ACL properties that are both versioned *and*
> unversioned. Hm.
Yup. We have versioned and non-versioned properties (known as
"historical" and "non-historical"). You'd use the latter to
accomplish the above, of course.
Received on Sat Oct 21 14:36:17 2006