> Given the following structure: > > /customerA/projA/ > /customerA/projB/ > /customerA/projC/ > ... > /customerB/projX/ > /customerB/projY/ > ... > > Is there an easy way to grant someone rw-access to /customerA/projB > *only*, that is without something like the following in authz? > > [/] > theguy = r > @mydevs = rw > > [/customerA/projA] > theguy = > > [/customerA/projB] > theguy = rw > > [/customerA/projC] > theguy = > > [/customerB] > theguy = > > The tree is a bit deper in reality and has more projects and I > don't > want to clutter authz with lots of "no rights for theguy" entries, > apart > from that being inherently insecure since projD might appear pretty > soon > and unnoticed by me. > > To rephrase my question: Is there an easy way to grant somebody > access > to just one explicit subtree deep within the repository? It should > not > be possible to view any other part of the repository. > > Thanks, >
Yes, and I expect you are even putting to much in there. Assuming theguy isn't in any other group I think you could do: [/] @mydevs = rw [/customerA/projA] [/customerA/projB] theguy = rw [/customerA/projC] [/customerB] I think that is sufficient. But, yea, as was said, it is easy enough to try. BOb
