Hi Bob, On Wed, Jun 29, 2011 at 02:15:39PM -0400, Bob Archer wrote: > > Given the following structure: > > > > /customerA/projA/ > > /customerA/projB/ > > /customerA/projC/ > > ... > > /customerB/projX/ > > /customerB/projY/ > > ... > > > > Is there an easy way to grant someone rw-access to /customerA/projB > > *only*, that is without something like the following in authz? > > > > [/] > > theguy = r > > @mydevs = rw > > > > [/customerA/projA] > > theguy = > > > > [/customerA/projB] > > theguy = rw > > > > [/customerA/projC] > > theguy = > > > > [/customerB] > > theguy = > > > > The tree is a bit deper in reality and has more projects and I > > don't > > want to clutter authz with lots of "no rights for theguy" entries, > > apart > > from that being inherently insecure since projD might appear pretty > > soon > > and unnoticed by me. > > > > To rephrase my question: Is there an easy way to grant somebody > > access > > to just one explicit subtree deep within the repository? It should > > not > > be possible to view any other part of the repository. > > > > Thanks, > > > > Yes, and I expect you are even putting to much in there. Assuming theguy > isn't in any other group I think you could do: > > [/] > @mydevs = rw > > [/customerA/projA] > > [/customerA/projB] > theguy = rw > > [/customerA/projC] > > [/customerB] > > I think that is sufficient. But, yea, as was said, it is easy enough to try.
Okay, I thought, I'd need read access for / and /customerA. For the record: I figured out that you can, in fact, grant read access to just one particular directory within the repository. Of course, this makes using Subclipse et al a bit cumbersome since you cannot just browse the repo. It would be nice to have non-recursive rights - that way, I could grant "r" to / and /customerA to theguy and he would be able to see those folders but with only the subfolders he has access to. Thanks, Tino. -- "What we nourish flourishes." - "Was wir nähren erblüht." www.tisc.de
