[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Multiple access filess when using SVNParentPath

From: Carlos Alberto Costa Beppler <beppler_at_gmail.com>
Date: 2005-11-30 02:52:22 CET

I really donĀ“t know in any other places, but here it would be very
cool if I could separate the access files. Every other configuration
is the same for all repositories.

We use mod_auth_sspi for authentication at / level on Apache ans since
today we use mod_macro to simplify the configuration of repositories.

The only difference is the access control that is very different for
every repository. It is based on the development team responsible by
the project stored on that repository. The manager of each project is
responsible to give or revoke access based on changes on his staff.

Today every change is reported to us and we are responsible to give or
revoke the access no repository.

But if it is difficult to implement, I will try another approach to
delegate the access control.

On 11/28/05, Ben Collins-Sussman <sussman@red-bean.com> wrote:
> Hm, that seems like pretty unusual use-case. Admins are the ones who
> typically manage authz policy files, not arbitrary groups of users.
> I guess I'm skeptical that there's really a problem to solve here.
> In one corner, the SVNParentPath feature allows a group of
> repositories to share a single configuration: authentication,
> authorization, and so on. In the other corner, SVNPath allows
> individual repositories to be individually configured. What you're
> proposing is a new feature that starts to blur the lines between the
> two existing features. The minor convenience you'd get doesn't seem
> worth the extra code (and UI) complexity that would be added to
> subversion.
> Maybe others feel differently.
> On 11/28/05, Carlos Alberto Costa Beppler <beppler@gmail.com> wrote:
> > Because different people will have access to modify the policy and I
> > can not give them rights to modify only parts of the file.
> >
> > On 11/28/05, Ben Collins-Sussman <sussman@red-bean.com> wrote:
> > > On 11/28/05, Carlos Alberto Costa Beppler <beppler@gmail.com> wrote:
> > > > +1 for a new feature where I can specify that the AuthzSVNAccessFile
> > > > is a relative path to the repository repository location (using the
> > > > conf directory as base by example).
> > > >
> > > > This can be very useful when using SVNParentPath and delegating the
> > > > administration of the access control.
> > > >
> > > > To not break the compability with existing configuration this could be
> > > > enabled by adding a new command to mod_authz_svn like
> > > > "AuthzSVNRelativePath" or something like this.
> > > >
> > >
> > > I don't understand, why do you want separate authz-policy files for
> > > separate repositories, when you can already control access to *all* of
> > > them with a single policy file?
> > >
> >
Received on Wed Nov 30 02:53:12 2005

This is an archived mail posted to the Subversion Dev mailing list.