XP-Dev.com Documentation

Subversion Path Based Permissions

XP-Dev.com supports Subversion path based permissions on all Subversion repositories. They're enabled by default, so, there is nothing that needs to be done to enable it.

How Permissions are Applied

Permissions for repositories are applied at two levels: first, at the Project level, and then followed by per-repository path authorization.

Permissions at the Project level is managed through your project's Settings (followed by Permissions) page.

Repository level path permissions are managed through each repository's Path Based Permissions settings page:

Path Based Permissions

Before you can define a path permission for a user, you will need to ensure that the user has the appropriate permission at the project level first.

For e.g. if you would like the user mydev to only be able to read and write to the path /myapp on your repository, you will need to permission mydev as a Writer at the project level first, before granting that user specific path based permissions.

Basic Rules

Each section defines authorizations for a path, and then the authorisations follow. Each authorisation line can refer to:

  • A single user, or
  • A group of users (see below), or
  • All authenticated users using $authenticated
  • All anonymous users, using $anonymous - this will only be used if you make your repository or project public (all projects and repositories are private by default)
  • * - all users

Followed by a permission type:

  • r - read
  • w - write
  • rw - read and write
  • "" (blank) - not permissioned (access denied)

For example, the following settings will grant read access to user alice and read/write access to user bob but denies access to john for the path /myapp:

[/myapp]
alice = r
bob = rw
john =

Groups

To define groups in your path authorisation settings, you need to use a special section called groups, and reference them using the notation @groupname

For example, the following defines a group called devs made up by alice and bob:

[groups]
devs = alice, bog

And the following grants the devs group read/write access to the path /myapp:

[/myapp]
@devs = rw

Examples

The simplest setting you can have is to allow all permissions to be handled at the project level:

* = rw

Remember that permissions are applied at the project level first, and the setting above essentially says: grant all permissioned users the exact same access level that has been granted to them at the project level.

If you'd like to restrict certain users to certain paths, you will need to grant them explicit authorisations.

The example below gives bob access to the whole repository, except for the /tags path:

[/tags]
bob =

[/]
* = rw

If you want to get more control on access granted to each user, then you need to amend the final wildcard entry and define permissions for each user.

The example below gives bob read access to /app1 only, and gives alice read/write access to /app1 and /app2. bob will need to be granted permission as a Reader at the project level, and alice as a Writer:

[/app1]
alice = rw
bob = r

[/app2]
alice = rw

[/]
* =

If you need any help with your repository's path permissions, please do raise a ticket

Feel free to contact us if you need any assistance.