CollabNetSubversionEdge访问权限的控制

IhavebeenusingSubversionforversioncontrolforagoodtimenow.AndIuseCollabNet'sSubversionserverforallin-houseSVNrepos.Ithasbeenonlyrecentlythataneedarosetorestrictaccesstorepositoriesformycolleagues.

BasicallyIneededtoenableaccessforaparticularrepositorytoapersonoutsidemyorganization.AndIdidnotwantthatpersontobeabletoaccessallotherrepos(internaltomyorganization)onthesamesvnserver.Pleasenotethatunderdefaultsettings,allauthenticatedusershaveread/writeaccessforallrepositoriesonaCollabNetsvnserver.

MyimaginationwasIshouldbeabletocontrolthesameviasvnserve.conf/authz/passwdconfigurationfilesspecifictoeachrepository.Butcommentsontopofthosefiles(specificallysvnserve.conf)madeitveryclearthatthesefilesareonlyusedwhenaccessingviasvnserve.Iftherepoisaccessedviahttp/https,thesettingsintheseconfigurationfileswouldbeignored.

ThenextplaceIlookedoutwasthe"Acce***ules"sectionunder"Repositories"tabwhenloggedinasadmintoCollabNetSubversionEdgeGUI.Iwasdecentlysurethiswastherightplaceforconfiguringrepositorybasedaccess,butdidnotquitehadaclearideaofthesyntaxtobeusedforspecifyingacce***ules.

BasicgooglingandthispageinCollabNet'sSubversionCommunitybookhelpedandIwasabletoquicklymuster-upthefollowingacce***ulesthatworkedexactlyhowIwantedthemto:

访问规则的一个示例:

01[/]
02admin=rw
03rahul.singla=rw
04
05[Repo1:/]
06neha.aggarwal=rw
07
08[Repo2:/]
09
10[Repo3:/]
11aruna.raheja=rw
12neha.aggarwal=rw
13
14[Repo4:/]
15
16[Repo5:/]
17
18[Repo6:/]
19yash.kapoor=rw
20
21[Repo7:/]

Adetailedexplanationofthesyntaxisavailablehere:详细的语法解释可以参考以下链接
http://www.collab.net/community/subversion/svnbook/svn.serverconfig.pathbasedauthz.html

Basicallythesectionstartingwith[/]controlsaccesstoallrepositories.HereIhavegiventheadminuserandmyselfread/writeaccesstoallrepos.
[/]表示对所有repo的访问控制。这个示例文件中我将所有repos的读写权限赋给了admin和我自己的用户。

Allsectionsbelowcontrolaccesstoaparticularrepowhosenameisinsidethebrackets.':/'meanstheruleisfortherootofthatrepo,youcanalsocontrolaccesstoparticularpathsinsideadirectory.Youcanalsocreategroupsforusersandassignacce***ulesforgroupsthatwouldapplytoallusersinthatgroup,theexactsyntaxforthesameisavailableontheabovereferencedurltogetherwithsomeotherhandyoptionsforspecifyingacce***ules.

[/]下面所有的sections是对特定repo的权限控制"[]"里面表示repo的名字。':/'表示规则是对那个repo的根目录,你也可以控制目录中特定路径的访问权限。你还可以创建一个用户组而且为这个用户组里面的用户制定访问repo的规则,规则对组内的所有用户生效,更多的准确使用语法和一些其他的相关制定访问规则的options也可以从上面那个链接里面找到……

Youwouldfindthispageusefultooifyouareallowingaccessviasvnserve.

Needlesstosay,IamlovingthewayCollabNet'sSubversionserverworks.Andtheicingonthecakeistheaboveacce***ulesareautomaticallyappliedtoviewvcalsoandauserisabletoviewrepoonlyiss/hehasaccesstothesame.

UPDATE:

  • Jan23,2012-Averyimportantpointtonoteisthatthecasingofrepository/pathsinyouracce***ulesandinyourcheckoutcommandsshouldmatch.
    e.g.ifyouracce***uleislike:checkout的时候一定注意大小写,否则SVN会提示一个unauthorizederror

    [Repo1:/]
    User1=rw

    AndUser1triestocheck-out:
    https://your-server/svn/repo1

    CollabNetSubversionwouldgiveyouaunauthorizederror.Didyounoticetheproblem:thecasingofrepositorynameinyourcheck-outcommandandinacce***uledoesnotmatch.YouwillgetthiserrorevenonWindowswheredirectory/filenamesarecaseinsensitive.
    Averyimportantgotchayouwouldwanttolookoutfor.