Suppose I have a bunch of projects, and I want to grant full access to a group, but no access to anything else. Please don't call me anti-social.
/trunk/proja /trunk/projb /trunk/projc I want to grant full access to proja to groupa, but no access to the others. How can I do this? [repo:/] @groupa = r @others = rw [repo:/trunk/proja] @groupa = rw [repo:/trunk/projb] @groupa = [repo:/trunk/projc] @groupa = However, this does not scale well. When I add projd, I need to make sure that I remove access (@groupa=;) for all the groups that should not have access. That is, I am practicing negative access control (deny access), which is error prone. Is there a way for the permissions to not be recursive, so that I could grant @groupa access to / without it applying to /**? We could reorg the repo (/trunk/secret and /trunk/groupa), but that seems like the tail wagging the dog (security issues dictating repo layout). -- -Justin
