CollabNet Subversion - Restricting user access to repositories

CollabNetSubversionEdge访问权限的控制

IhavebeenusingSubversionforversioncontrolforagoodtimenow.AndIuseCollabNet'sSubversionserverforallin-houseSVNrepos.Ithasbeenonlyrecentlythataneedarosetorestrictaccesstorepositoriesformycolleagues.

BasicallyIneededtoenableaccessforaparticularrepositorytoapersonoutsidemyorganization.AndIdidnotwantthatpersontobeabletoaccessallotherrepos(internaltomyorganization)onthesamesvnserver.Pleasenotethatunderdefaultsettings,allauthenticatedusershaveread/writeaccessforallrepositoriesonaCollabNetsvnserver.

MyimaginationwasIshouldbeabletocontrolthesameviasvnserve.conf/authz/passwdconfigurationfilesspecifictoeachrepository.Butcommentsontopofthosefiles(specificallysvnserve.conf)madeitveryclearthatthesefilesareonlyusedwhenaccessingviasvnserve.Iftherepoisaccessedviahttp/https,thesettingsintheseconfigurationfileswouldbeignored.

ThenextplaceIlookedoutwasthe"AccessRules"sectionunder"Repositories"tabwhenloggedinasadmintoCollabNetSubversionEdgeGUI.Iwasdecentlysurethiswastherightplaceforconfiguringrepositorybasedaccess,butdidnotquitehadaclearideaofthesyntaxtobeusedforspecifyingaccessrules.

BasicgooglingandthispageinCollabNet'sSubversionCommunitybookhelpedandIwasabletoquicklymuster-upthefollowingaccessrulesthatworkedexactlyhowIwantedthemto:

访问规则的一个示例:

01 [/]
02 admin=rw
03 rahul.singla=rw
04
05 [Repo1:/]
06 neha.aggarwal=rw
07
08 [Repo2:/]
09
10 [Repo3:/]
11 aruna.raheja=rw
12 neha.aggarwal=rw
13
14 [Repo4:/]
15
16 [Repo5:/]
17
18 [Repo6:/]
19 yash.kapoor=rw
20
21 [Repo7:/]

Adetailedexplanationofthesyntaxisavailablehere:详细的语法解释可以参考以下链接
http://www.collab.net/community/subversion/svnbook/svn.serverconfig.pathbasedauthz.html

Basicallythesectionstartingwith[/]controlsaccesstoallrepositories.HereIhavegiventheadminuserandmyselfread/writeaccesstoallrepos.
[/]表示对所有repo的访问控制。这个示例文件中我将所有repos的读写权限赋给了admin和我自己的用户。

Allsectionsbelowcontrolaccesstoaparticularrepowhosenameisinsidethebrackets.':/'meanstheruleisfortherootofthatrepo,youcanalsocontrolaccesstoparticularpathsinsideadirectory.Youcanalsocreategroupsforusersandassignaccessrulesforgroupsthatwouldapplytoallusersinthatgroup,theexactsyntaxforthesameisavailableontheabovereferencedurltogetherwithsomeotherhandyoptionsforspecifyingaccessrules.

[/]下面所有的sections是对特定repo的权限控制"[]"里面表示repo的名字。':/'表示规则是对那个repo的根目录,你也可以控制目录中特定路径的访问权限。你还可以创建一个用户组而且为这个用户组里面的用户制定访问repo的规则,规则对组内的所有用户生效,更多的准确使用语法和一些其他的相关制定访问规则的options也可以从上面那个链接里面找到……

Youwouldfindthispageusefultooifyouareallowingaccessviasvnserve.

Needlesstosay,IamlovingthewayCollabNet'sSubversionserverworks.Andtheicingonthecakeistheaboveaccessrulesareautomaticallyappliedtoviewvcalsoandauserisabletoviewrepoonlyiss/hehasaccesstothesame.

UPDATE:

  • Jan23,2012-Averyimportantpointtonoteisthatthecasingofrepository/pathsinyouraccessrulesandinyourcheckoutcommandsshouldmatch.
    e.g.ifyouraccessruleislike:checkout的时候一定注意大小写,否则SVN会提示一个unauthorizederror

    [Repo1:/]
    User1=rw

    AndUser1triestocheck-out:
    https://your-server/svn/repo1

    CollabNetSubversionwouldgiveyouaunauthorizederror.Didyounoticetheproblem:thecasingofrepositorynameinyourcheck-outcommandandinaccessruledoesnotmatch.YouwillgetthiserrorevenonWindowswheredirectory/filenamesarecaseinsensitive.
    Averyimportantgotchayouwouldwanttolookoutfor.

你可能感兴趣的:(version,control,Recently,outside,particular)