[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: granting partial read access

From: Tino Schwarze <subversion.lists_at_tisc.de>
Date: Thu, 30 Jun 2011 13:14:49 +0200

Hi Bob,

On Wed, Jun 29, 2011 at 02:15:39PM -0400, Bob Archer wrote:
> > Given the following structure:
> >
> > /customerA/projA/
> > /customerA/projB/
> > /customerA/projC/
> > ...
> > /customerB/projX/
> > /customerB/projY/
> > ...
> >
> > Is there an easy way to grant someone rw-access to /customerA/projB
> > *only*, that is without something like the following in authz?
> >
> > [/]
> > theguy = r
> > @mydevs = rw
> >
> > [/customerA/projA]
> > theguy =
> >
> > [/customerA/projB]
> > theguy = rw
> >
> > [/customerA/projC]
> > theguy =
> >
> > [/customerB]
> > theguy =
> >
> > The tree is a bit deper in reality and has more projects and I
> > don't
> > want to clutter authz with lots of "no rights for theguy" entries,
> > apart
> > from that being inherently insecure since projD might appear pretty
> > soon
> > and unnoticed by me.
> >
> > To rephrase my question: Is there an easy way to grant somebody
> > access
> > to just one explicit subtree deep within the repository? It should
> > not
> > be possible to view any other part of the repository.
> >
> > Thanks,
> >
>
> Yes, and I expect you are even putting to much in there. Assuming theguy isn't in any other group I think you could do:
>
> [/]
> @mydevs = rw
>
> [/customerA/projA]
>
> [/customerA/projB]
> theguy = rw
>
> [/customerA/projC]
>
> [/customerB]
>
> I think that is sufficient. But, yea, as was said, it is easy enough to try.

Okay, I thought, I'd need read access for / and /customerA.

For the record: I figured out that you can, in fact, grant read access
to just one particular directory within the repository.

Of course, this makes using Subclipse et al a bit cumbersome since you
cannot just browse the repo. It would be nice to have non-recursive
rights - that way, I could grant "r" to / and /customerA to theguy and
he would be able to see those folders but with only the subfolders he
has access to.

Thanks,

Tino.

-- 
"What we nourish flourishes." - "Was wir nähren erblüht."
www.tisc.de
Received on 2011-06-30 13:15:25 CEST

This is an archived mail posted to the Subversion Users mailing list.