[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: How to best manage authorization after tag/branch creation?

From: Shaun Pinney <shaun.pinney_at_bil.konicaminolta.us>
Date: Wed, 13 Oct 2010 11:12:42 -0700

> Do you need to restrict READ access to the branch or tag, or do you
> simply want to restrict COMMIT access.

Thanks for the response. We need both, but restricting read access is
the main concern at the moment. So far, I only know of AuthUserFile
for controlling read access.

> If you just want to restrict commit access, you can use a pre-commit
> hook to kill a commit transaction if the user who doesn't have
> permission attempts to change a tag or branch.

Good to know. I'll check into the script you've mentioned. At the
moment, we've removed read access to /tags for most users. But this
is not a good long term solution.

> By the way, there's also a way to configure Apache httpd to use LDAP
> instead of a regular text file. This means that users will have access
> to your Subversion repository based upon their Windows or Unix account
> and that users will automatically get logins and have their access
> removed when they get hired or move on.

That's something we'll definitely consider. We have some other quirks
with account management to sort out first :)

Received on 2010-10-13 20:14:55 CEST

This is an archived mail posted to the Subversion Users mailing list.