[SAC] Complex Subversion Access Rules

Frank Warmerdam warmerdam at pobox.com
Thu Dec 6 02:09:57 EST 2007


Projects like GRASS, QGIS and OpenLayers have traditionally not had
"flat access" to their whole subversion respositories.  In the case of
OpenLayers, for instance, I think they have a /sandbox area with much
broader access, and then the rest of the respository only accessable
to core commiters.

In the past we only allowed a single LDAP "group" for each repository
and so we were unable to practically offer this service.  However, with
help from Chris Schmidt, and Howard Butler I was able to put a mechanism
into place for relatively convenient maintenance of authz files to define
authorization rules for a repository based on LDAP groups.

There is some extra administrative overhead for SAC in setting up these
scenarios, but it isn't bad.  And thereafter the projects can administer
the members of the groups themselves.  I have documented the approach at:


Best regards,
I set the clouds in motion - turn up   | Frank Warmerdam, warmerdam at pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush    | President OSGeo, http://osgeo.org

More information about the Sac mailing list