subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob Archer <Bob.Arc...@amsi.com>
Subject RE: granting partial read access
Date Wed, 29 Jun 2011 18:15:39 GMT
> Given the following structure:
> 
> /customerA/projA/
> /customerA/projB/
> /customerA/projC/
> ...
> /customerB/projX/
> /customerB/projY/
> ...
> 
> Is there an easy way to grant someone rw-access to /customerA/projB
> *only*, that is without something like the following in authz?
> 
> [/]
> theguy = r
> @mydevs = rw
> 
> [/customerA/projA]
> theguy =
> 
> [/customerA/projB]
> theguy = rw
> 
> [/customerA/projC]
> theguy =
> 
> [/customerB]
> theguy =
> 
> The tree is a bit deper in reality and has more projects and I
> don't
> want to clutter authz with lots of "no rights for theguy" entries,
> apart
> from that being inherently insecure since projD might appear pretty
> soon
> and unnoticed by me.
> 
> To rephrase my question: Is there an easy way to grant somebody
> access
> to just one explicit subtree deep within the repository? It should
> not
> be possible to view any other part of the repository.
> 
> Thanks,
> 

Yes, and I expect you are even putting to much in there. Assuming theguy isn't in any other
group I think you could do:

[/]
@mydevs = rw

[/customerA/projA]

[/customerA/projB]
theguy = rw

[/customerA/projC]

[/customerB]

I think that is sufficient. But, yea, as was said, it is easy enough to try.

BOb


Mime
View raw message