
RE: RE: Better approach for path-based authorization

From: Alfredo Anderson <alfredo_e_anderson_at_hotmail.com>
Date: 2006-07-28 18:22:02 CEST

We are using LDAP for user authentication.
The group definitions are not an issue; I'm trying to simplify the per-path
permissions specification.
Regards

>From: "Joshua Hastings" <jhastings@ruralins.com>
>To: "Alfredo Anderson"
><alfredo_e_anderson@hotmail.com>,<users@subversion.tigris.org>
>Subject: RE: RE: Better approach for path-based authorization
>Date: Thu, 27 Jul 2006 15:54:14 -0500
>
>Not knowing how you are set up, have you thought about using Active
>Directory user groups for authentication?
>
>Josh
>
>
>-----Original Message-----
>From: Alfredo Anderson [mailto:alfredo_e_anderson@hotmail.com]
>Sent: Thursday, July 27, 2006 3:12 PM
>To: users@subversion.tigris.org
>Subject: RE: Better approach for path-based authorization
>
>
>I hope that now the message gets displayed properly ...
>Regards
>
>From: "Alfredo Anderson" <alfredo_e_anderson@hotmail.com>
>To: users@subversion.tigris.org
>Subject: Better approach for path-based authorization
>Date: Tue, 25 Jul 2006 19:44:37 +0000
>
>Hi, we are faced with the following problem:
>
>We have one repository with multiple projects.
>We have two development teams and a QA Team.
>The development team A has read/write access to all the repository. The
>development team B has read/write access to only one project (and
>doesn't have access to anything else).
>The QA team has read/write access to the directory trunk/doc of every
>project (and doesn't have access to anything else).
>
>Currently our AuthzSVNAccessFile looks like this:
>
>[/]
>@A = rw
>@B = r # So they can see the list of projects in the repo
>@QA = r # So they can see the list of projects in the repo
>
># For every project ProjectX there's an entry like the following
>[/ProjectX]
>@B =
>[/ProjectX/branches]
>@QA =
>[/ProjectX/tags]
>@QA =
>[/ProjectX/trunk/design]
>@QA =
>[/ProjectX/trunk/doc]
>@QA = rw
>[/ProjectX/trunk/src]
>@QA =
>
>This solution covers our needs, but:
>
>* Implies considerable administrative work (modifying the AuthzSVNAccessFile)
>* Our security requirements can be broken (if someone creates a project but
>doesn't modify the AuthzSVNAccessFile, the project is accessible by QA and B)
>* With so much typing and the growing size of the AuthzSVNAccessFile, it is
>easy to mistype something ... giving access to unauthorized places.
>
>Does anyone know a better approach?
>
>For example, wildcards to do something like this:
>
>[/*]
>@ATG =
>[/*/branches]
>@QA =
>[/*/tags]
>@QA =
>[/*/trunk/design]
>@QA =
>[/*/trunk/doc]
>@QA = rw
>[/*/trunk/src]
>@QA =
>
>Regards
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
>For additional commands, e-mail: users-help@subversion.tigris.org
>

Received on Fri Jul 28 18:23:33 2006
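
An added example, not part of the original posts: a small audit that checks an AuthzSVNAccessFile against the per-project template described in the thread, so a project created without its entries (or with a mistyped one) is reported. The names `audit`, `TEMPLATE`, `SAMPLE` and `b_project` are assumptions of this example, the project list is supplied by the caller (for instance from listing the repository root), and the sample file is constructed.

```python
import configparser

# Per-project template from the post: (path suffix, group, expected access)
TEMPLATE = [("", "@B", ""), ("/branches", "@QA", ""), ("/tags", "@QA", ""),
            ("/trunk/design", "@QA", ""), ("/trunk/doc", "@QA", "rw"),
            ("/trunk/src", "@QA", "")]

def audit(authz_text, projects, b_project=None):
    """Return (section, group, expected, actual) per deviation; actual None = absent."""
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#",),
                                   inline_comment_prefixes=None, interpolation=None)
    cp.optionxform = str          # keep group names case-sensitive
    cp.read_string(authz_text)    # default strict mode raises on duplicate sections
    findings = []
    for proj in projects:
        for suffix, group, want in TEMPLATE:
            if group == "@B" and proj == b_project:
                want = "rw"       # assumption: the one project team B may write to
            section = f"/{proj}{suffix}"
            got = cp[section].get(group) if cp.has_section(section) else None
            if got is None or got.strip() != want:
                findings.append((section, group, want, got))
    return findings

# Constructed sample: ProjectX is complete, ProjectY has one mistyped entry only.
SAMPLE = """\
[/]
@A = rw
@B = r
@QA = r
[/ProjectX]
@B =
[/ProjectX/branches]
@QA =
[/ProjectX/tags]
@QA =
[/ProjectX/trunk/design]
@QA =
[/ProjectX/trunk/doc]
@QA = rw
[/ProjectX/trunk/src]
@QA =
[/ProjectY/trunk/src]
@QA = rw
"""

if __name__ == "__main__":
    for f in audit(SAMPLE, ["ProjectX", "ProjectY"]):
        print("deviation: [%s] %s expected %r, found %r" % f)
```

An absent section is reported because the group then inherits the `r` granted at `[/]`, which is the exposure described in the second bullet of the original question.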

This is an archived mail posted to the Subversion Users mailing list.
