> There are two types of ACLs:
>
> 1. ACLs of the versioned resource: Here I think of
> POSIX ACLs, or even
> extended attributes. These should be versioned. I do
> not remember having
> read anything about these on this list, only about
> X-flags.
I'm not sure how useful this would be since such
things are usually done upon install. OTOH, if
something like this were done, I would agree that
since these are attributes of the versioned object,
they should also be versioned.
> 2. ACLs controlling access to the repository: Some
> time ago there was a
> discussion on the list that came to the conclusion
> that versioning those
> would probably not make much sense, except maybe for
> a kind of group (as
> in project members) property which could be used as
> an identifier for
> non-versioned ACLs. Or did I get that wrong?
I would have no problems with versioning membership
information so long as the permissioning always uses
the latest version of the list.
OTOH, I seem to recall reading that permissioning
would be done using role-based access control (RBAC).
For example, the following info would be kept per
resource:
1. User u0 would have role r0 on element e0.
2. Role r0 would have certain defined permissions on
e0.
Am I recalling correctly? Or would it really be more
like POSIX ACLs?
Thanks,
Noel
__________________________________________________
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Oct 14 01:39:44 2002