> -----Original Message----- > From: Johnson, Robert [mailto:r.john...@cgi.com] > Sent: 25 October 2010 23:59 > To: users@subversion.apache.org > Subject: Path based authorization > > I'm not sure this is a bug or the documentation is wrong, or > I'm misunderstanding the concept. > > The setup and config: > > Redhat Enterprise Linux AS release 4 (October Update 7) > Apache 2.2.16 > Subversion version 1.6.12 from Collabnet > mod_authz_svn.so built from Subversion sources 1.6.13 (uses > 1.6.12 libs at runtime) > > In the SVN doc: > > Section 6.5 Path-Based Authorization > > [paint:/projects/paint] > jane = r > @paint-developers = rw > > Another important fact is that the first matching rule is the > one which gets applied to a user. In the prior example, > even though Jane is a member of the paint-developers group > (which has read/write access), the jane = r > rule will be discovered and matched before the group rule, > thus denying Jane write access. > > My authz file: > > [groups] > Administrators = admin, r.thompson, john.robbins > SE-tech = r.thompson, john.robbins, test.user
...I am not sure but can you try with a different name without the '-' minus sign? > [/] > #start with everyone has read access > * = r > @Administrators = rw > > [SystemEngineering:/trunk] > test.user = r > @Administrators = rw > @SE-tech = rw > > I am not getting the results as described in the > documentation. I thought excluding a user from write access > even though they were a member of an rw group was kind of > handy. I have observed this behavior in both svn and http > protocols. Even though the test.user has been designated as > "r" on the trunk, that user can still commit to the > SystemEngineering/trunk repository folder. > > Any help or clarification would be greatly appreciated. > > Bob Johnson > CGI - Insurance Sector > Columbia, S.C. > (803)917-7751 >
