RE: Recommendation for path-based authorisation auditing tool?
From: David Aldrich <David.Aldrich_at_EMEA.NEC.COM>
Date: Thu, 26 Sep 2013 15:02:20 +0000
Hi Mark
Thanks for replying. By auditing, I mean the ability to easily see who has access to a specified folder. I think we already have the recording of changes covered. svnauthz_accessof looks interesting, but it reports whether a specified user has access. I would prefer to ask 'who has access?' to a specified folder.
David
From: Mark Phippard [mailto:markphip_at_gmail.com]
On Thu, Sep 26, 2013 at 10:50 AM, David Aldrich <David.Aldrich_at_emea.nec.com<mailto:David.Aldrich_at_emea.nec.com>> wrote:
We use path-based authorisation to control access to our svn repositories. The authorisation rules can be quite complex as we apply different authorisations across various branches and directories of our projects. It is quite hard to be sure that the required permissions structure is correctly implemented.
Therefore, we are looking for a tool to help audit the permissions. I am aware that there are various commercial tools available. The ones I have seen are part of larger svn tool suites and not available separately. They are therefore expensive.
I am wondering whether anyone would recommend a suitable tool for controlling or auditing path-based permissions? --
Define what you mean by auditing? I am not aware of any commercial tools that do this. There are certainly tools that provide their own UI for defining the permissions and probably leave an audit trail of who made the changes, but that does not seem like what you want.
With SVN 1.8 you can store the authz files in the repository -- so that would give an audit trail.
Also, there is a command line tool that can be used to validate the file as well as run checks on the rules. See:
http://subversion.apache.org/docs/release-notes/1.8.html#svnauthz_accessof
Thanks
Mark Phippard
Click here<https://www.mailcontrol.com/sr/V0PBIBeSTzjGX2PQPOmvUgItITKVa7z0Xk0fQOMfCUIfDOMoOhGZTkGhdk3mmYAyB08qPzQHNPJIWrzEXY2ZCw==> to report this email as spam.
|
This is an archived mail posted to the Subversion Users mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.