I have setup a repository using SVN and uploaded projects. There are multiple users working on these projects. But, not everyone is working on all projects and require access. I want to setup permissioning for each of the projects with users.
How to achieve this?
The best way is to set up Apache and to set the access through it. Check the svn book for help. If you don't want to use Apache, you can also do minimalistic access control using svnserve.
In your svn\repos\YourRepo\conf folder you will find 2 files authz and passwd these are the 2 you need to adjust.
In the passwd file you need to add some username and passwords. I assume you have already done this since you have people using it
[users]
User1=password1
User2=password2
Then you want to assign permissions accordingly with the authz file :
Create the conceptual groups you want, and add people to it
[groups]
allaccess = user1
someacces = user2
Then choose what access they have from both the permissions and projec level
So lets give our all access guys all access from the root
[/]
@allacces = rw
But only give our someaccess guys only read access to some lower level project :
[/someproject]
@someaccess = r
You will also find some simple documentation in the authz and passwd files.
Although I would suggest the Apache approach is better, SVN Serve works fine and is pretty straightforward.
Assuming your repository is called "my_repo" and it is stored in c:\svn_repos :
Create a file called "passwd" in "C:\svn_repos\my_repo\conf". This file should look like:
[Users] username = password john = johns_password steve = steves_password
In c:\svn_repos\my_repo\conf\svnserve.conf set
[general] password-db = passwd auth-access=read auth-access=write
This will force users to login to read or write to this repository.
Follow these steps for each repository, only including the appropriate users in the passwd file for each repository.
Cheers,
RB.
With VisualSVN Server it's as simple as adding users and setting permissions...
Devote some time to reading the official SVN book. It's an exhaustive resource, covering almost everything about SVN (unless, of course, you encounter a problem, in which case deep digging into forums is usually the only option).
You can use svn+ssh:, and then it's based on access control to the repository at the given location.
This is how I host a project group repository at my Uni, where I can't setup anything else. Just having a directory that the group owns, and running svn-admin (or whatever it was) in there means that I didn't need to do any configuration.
To complete your answer, you can also delegate the user rights to the project manager, through a plain text file in your repository.
To do that, you setup your svn database with a default authz file containing the following
###########################################################################
# The content of this file always precedes the content of the
# $REPOS/admin/acl_descriptions.txt file.
# It describes the immutable permissions on main folders.
###########################################################################
[groups]
svnadmins = xxx,yyy,....
[/]
@svnadmins = rw
* = r
[/admin]
@svnadmins = rw
@projadmins = r
* =
[/admin/acl_descriptions.txt]
@projadmins = rw
This default authz authorize the svn admins to modif a plain visible text file within your svn repo,
called '/admin/acl_descriptions.txt', in which the svn admins or project managers will modify and register the users.
Then you setup a pre-commit hook which will detect if the revision is composed of that file (and only that file)
If it is, this hook scripts will validate the content of your plain text file and check if each line is compliant with the svn right syntax.
Then a post-commit hook will update \conf\authz file with the concatenation of :
The first iteration is done by the svn admin, he adds:
[groups]
projadmins = zzzz
He commits his modification, and that updates the authz file.
Then the project manager 'zzzz' can add, remove or declare any group of users and any users he wants. He commits the file and the authz file is updated.
That way, the svn admin does not have to follow any and all users for all svn repos.
One gotcha which caught me out:
[repos:/path/to/dir/] # this won't work
but
[repos:/path/to/dir] # this is right
You need to not include a trailing slash on the directory, or you'll see 403 for the OPTIONS request.