On Mon, Jan 30, 2012 at 10:55 PM, K F <cmkfo...@yahoo.com> wrote: > > > --- On Mon, 1/30/12, Stefan Sperling <s...@elego.de> wrote: > >> From: Stefan Sperling <s...@elego.de> >> Subject: Re: Limited subdirectory access >> To: "K F" <cmkfo...@yahoo.com> >> Cc: "Andy Levy" <andy.l...@gmail.com>, users@subversion.apache.org >> Date: Monday, January 30, 2012, 9:32 PM >> On Mon, Jan 30, 2012 at 01:14:53PM >> -0800, K F wrote: >> > --- On Mon, 1/30/12, Andy Levy <andy.l...@gmail.com> >> wrote: >> > > have it setup in the authz file now: >> > > > [/] >> > > > @dev = rw >> > > > @qa = r >> > > > >> > > > [/ABC/DEF] >> > > > @dev1 = rw >> > > > >> > > > Do I need to be more specific? >> > > > >> > > >> > > What exactly isn't working? >> > > >> > > Is dev1 a group, or an individual? >> > > >> > > Do you have the case of the path matched exactly? >> The rules >> > > are case-sensitive. >> > > >> > >> > I am able to commit with a login that is in the dev >> group that is not in the dev1 group. >> > >> > The actual path is /svnrepo/ABC/DEF so I tried >> > >> > [/svnrepo/sandbox/tags] >> > @dev1 = rw >> > >> > and that doesn't work either. Based on the example in >> the file I also tried >> > >> > [repository:/svnrepo/sandbox/tags] >> > @dev1 = rw >> > >> > with no luck. Any ideas as to what I am doing wrong? >> >> You'll need to tighten permissions for the 'dev' group in >> /ABC/DEF also. >> [/] >> @dev = rw >> @qa = r >> >> [/ABC/DEF] >> @dev = r >> @dev1 = rw >> >> See this snippet from >> http://svnbook.red-bean.com/en/1.7/svn.serverconfig.pathbasedauthz.html >> "Of course, permissions are inherited from parent to >> child directory. >> That means we can specify a subdirectory with a >> different access policy >> for Sally: >> >> [calc:/branches/calc/bug-142] >> harry = rw >> sally = r >> >> # give sally write access only to the 'testing' >> subdir >> [calc:/branches/calc/bug-142/testing] >> sally = rw >> >> Now Sally can write to the testing subdirectory of >> the branch, but can >> still only read other parts. Harry, meanwhile, >> continues to have >> complete read/write access to the whole branch." >> >> The same applies when restricting access, rather than >> expanding it. >> > > I realize my explanation is wrong, my apologies. It is actually repo ABC with > 40+ folders under it. I want to limit who has access to one of the folders > (DEF). After looking at the svnbook, I thought the following would work but > it is still not working: > > [ABC:/DEF] > @dev = r > @dev1 = rw
Can you check if order of the rules matters? Either putting this rule with [ABC:/DEF] before or after the other one (for [ABC:/]). I'm not sure, but I vaguely remember some prior discussion about this ... -- Johan
