CollabNetSubversionEdge访问权限的控制
IhavebeenusingSubversionforversioncontrolforagoodtimenow.AndIuseCollabNet'sSubversionserverforallin-houseSVNrepos.Ithasbeenonlyrecentlythataneedarosetorestrictaccesstorepositoriesformycolleagues.
BasicallyIneededtoenableaccessforaparticularrepositorytoapersonoutsidemyorganization.AndIdidnotwantthatpersontobeabletoaccessallotherrepos(internaltomyorganization)onthesamesvnserver.Pleasenotethatunderdefaultsettings,allauthenticatedusershaveread/writeaccessforallrepositoriesonaCollabNetsvnserver.
MyimaginationwasIshouldbeabletocontrolthesameviasvnserve.conf/authz/passwdconfigurationfilesspecifictoeachrepository.Butcommentsontopofthosefiles(specificallysvnserve.conf)madeitveryclearthatthesefilesareonlyusedwhenaccessingviasvnserve.Iftherepoisaccessedviahttp/https,thesettingsintheseconfigurationfileswouldbeignored.
ThenextplaceIlookedoutwasthe"AccessRules"sectionunder"Repositories"tabwhenloggedinasadmintoCollabNetSubversionEdgeGUI.Iwasdecentlysurethiswastherightplaceforconfiguringrepositorybasedaccess,butdidnotquitehadaclearideaofthesyntaxtobeusedforspecifyingaccessrules.
BasicgooglingandthispageinCollabNet'sSubversionCommunitybookhelpedandIwasabletoquicklymuster-upthefollowingaccessrulesthatworkedexactlyhowIwantedthemto:
访问规则的一个示例:
Adetailedexplanationofthesyntaxisavailablehere:详细的语法解释可以参考以下链接
http://www.collab.net/community/subversion/svnbook/svn.serverconfig.pathbasedauthz.html
Basicallythesectionstartingwith[/]controlsaccesstoallrepositories.HereIhavegiventheadminuserandmyselfread/writeaccesstoallrepos.
[/]表示对所有repo的访问控制。这个示例文件中我将所有repos的读写权限赋给了admin和我自己的用户。
Allsectionsbelowcontrolaccesstoaparticularrepowhosenameisinsidethebrackets.':/'meanstheruleisfortherootofthatrepo,youcanalsocontrolaccesstoparticularpathsinsideadirectory.Youcanalsocreategroupsforusersandassignaccessrulesforgroupsthatwouldapplytoallusersinthatgroup,theexactsyntaxforthesameisavailableontheabovereferencedurltogetherwithsomeotherhandyoptionsforspecifyingaccessrules.
[/]下面所有的sections是对特定repo的权限控制"[]"里面表示repo的名字。':/'表示规则是对那个repo的根目录,你也可以控制目录中特定路径的访问权限。你还可以创建一个用户组而且为这个用户组里面的用户制定访问repo的规则,规则对组内的所有用户生效,更多的准确使用语法和一些其他的相关制定访问规则的options也可以从上面那个链接里面找到……
Youwouldfindthispageusefultooifyouareallowingaccessviasvnserve.
Needlesstosay,IamlovingthewayCollabNet'sSubversionserverworks.Andtheicingonthecakeistheaboveaccessrulesareautomaticallyappliedtoviewvcalsoandauserisabletoviewrepoonlyiss/hehasaccesstothesame.
UPDATE:
Jan23,2012-Averyimportantpointtonoteisthatthecasingofrepository/pathsinyouraccessrulesandinyourcheckoutcommandsshouldmatch.
e.g.ifyouraccessruleislike:checkout的时候一定注意大小写,否则SVN会提示一个unauthorizederror
[Repo1:/]
User1=rw
AndUser1triestocheck-out:
https://your-server/svn/repo1
CollabNetSubversionwouldgiveyouaunauthorizederror.Didyounoticetheproblem:thecasingofrepositorynameinyourcheck-outcommandandinaccessruledoesnotmatch.YouwillgetthiserrorevenonWindowswheredirectory/filenamesarecaseinsensitive.
Averyimportantgotchayouwouldwanttolookoutfor.