[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Better approach for path-based authorization

From: Alfredo Anderson <alfredo_e_anderson_at_hotmail.com>
Date: 2006-07-25 21:44:37 CEST

Hi, we are faced with the following problem:We have one repository with multiple projects.We have two development teams and a QA Team.The development team A has read/write access to all the repository.The development team B has read/write access to only one project (and doesn't have access to anything else).The QA team has read/write access to the directory trunk/doc of every project (and doesn't have access to anything else).Currently our AuthzSVNAccessFile look like this[/]@A = rw@B = r # So they can see the list of projects in the repo@QA = r # So they can see the list of projects in the repo# For every project ProjectX there's an entry like the following[/ProjectX]@B =[/ProjectX/branches]@QA =[/ProjectX/tags]@QA =[/ProjectX/trunk/design]@QA =[/ProjectX/trunk/doc]@QA = rw[/ProjectX/trunk/src]@QA =This solution, cover our needs but * Implies considerable administrative work (modifying the AuthzSVNAccessFile )* Our security requirements can be broken (if someone creates a project but doesn’t modify the AuthzSVNAccessFile the project is accessible by QA and B)* With so much typing and the growing size of the AuthzSVNAccessFile is easy to mistype something ... giving access to unauthorized places.Does anyone know a better aproach ?For example Wildcards to do something like this[/*]@ATG =[/*/branches]@QA =[/*/tags]@QA =[/*/trunk/design]@QA =[/*/trunk/doc]@QA = rw[/*/trunk/src]@QA =Regards
Descubre Live.com - tu propia página de inicio, personalizada para ver rápidamente todo lo que te interesa en un mismo sitio.
Received on Tue Jul 25 21:46:07 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.