I hope that now the message gets displayed properly ...
Regards
From: "Alfredo Anderson" <alfredo_e_anderson@hotmail.com>
To: users@subversion.tigris.org
Subject: Better approach for path-based authorization
Date: Tue, 25 Jul 2006 19:44:37 +0000
Hi, we are faced with the following problem:
We have one repository with multiple projects.
We have two development teams and a QA Team.
The development team A has read/write access to all the repository.
The development team B has read/write access to only one project (and
doesn't have access to anything else).
The QA team has read/write access to the directory trunk/doc of every
project (and doesn't have access to anything else).
Currently our AuthzSVNAccessFile look like this
[/]
@A = rw
@B = r # So they can see the list of projects in the repo
@QA = r # So they can see the list of projects in the repo
# For every project ProjectX there's an entry like the following
[/ProjectX]
@B =
[/ProjectX/branches]
@QA =
[/ProjectX/tags]
@QA =
[/ProjectX/trunk/design]
@QA =
[/ProjectX/trunk/doc]
@QA = rw
[/ProjectX/trunk/src]
@QA =
This solution, cover our needs but
* Implies considerable administrative work (modifying the AuthzSVNAccessFile
)
* Our security requirements can be broken (if someone creates a project but
doesn’t modify the AuthzSVNAccessFile the project is accessible by QA and B)
* With so much typing and the growing size of the AuthzSVNAccessFile is easy
to mistype something ... giving access to unauthorized places.
Does anyone know a better aproach ?
For example Wildcards to do something like this
[/*]
@ATG =
[/*/branches]
@QA =
[/*/tags]
@QA =
[/*/trunk/design]
@QA =
[/*/trunk/doc]
@QA = rw
[/*/trunk/src]
@QA =
Regards
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jul 27 22:13:17 2006