Hi Bob,
On Wed, Jun 29, 2011 at 02:15:39PM -0400, Bob Archer wrote:
> > Given the following structure:
> >
> > /customerA/projA/
> > /customerA/projB/
> > /customerA/projC/
> > ...
> > /customerB/projX/
> > /customerB/projY/
> > ...
> >
> > Is there an easy way to grant someone rw-access to /customerA/projB
> > *only*, that is without something like the following in authz?
> >
> > [/]
> > theguy = r
> > @mydevs = rw
> >
> > [/customerA/projA]
> > theguy =
> >
> > [/customerA/projB]
> > theguy = rw
> >
> > [/customerA/projC]
> > theguy =
> >
> > [/customerB]
> > theguy =
> >
> > The tree is a bit deper in reality and has more projects and I
> > don't
> > want to clutter authz with lots of "no rights for theguy" entries,
> > apart
> > from that being inherently insecure since projD might appear pretty
> > soon
> > and unnoticed by me.
> >
> > To rephrase my question: Is there an easy way to grant somebody
> > access
> > to just one explicit subtree deep within the repository? It should
> > not
> > be possible to view any other part of the repository.
> >
> > Thanks,
> >
>
> Yes, and I expect you are even putting to much in there. Assuming theguy isn't in any other group I think you could do:
>
> [/]
> @mydevs = rw
>
> [/customerA/projA]
>
> [/customerA/projB]
> theguy = rw
>
> [/customerA/projC]
>
> [/customerB]
>
> I think that is sufficient. But, yea, as was said, it is easy enough to try.
Okay, I thought, I'd need read access for / and /customerA.
For the record: I figured out that you can, in fact, grant read access
to just one particular directory within the repository.
Of course, this makes using Subclipse et al a bit cumbersome since you
cannot just browse the repo. It would be nice to have non-recursive
rights - that way, I could grant "r" to / and /customerA to theguy and
he would be able to see those folders but with only the subfolders he
has access to.
Thanks,
Tino.
--
"What we nourish flourishes." - "Was wir nähren erblüht."
www.tisc.de
Received on 2011-06-30 13:15:25 CEST