I have set up an SVN repository from scratch, and I have successfully tagged some of my releases using the SVN copy command.
I used the SSPI auth plugin for apache, so our developers just hit the server with their network credentials, and everything works nicely.
I have created an AuthZ authorization file, added our developers to groups in the file, and have granted them write access to the root. I also have granted anonymous users read-only access to the root.
I then locked down the /svn/ directory with: Require-group "CORP\CKAN0BlahBlah"
This effectively limits new developers in the security group to read-only access until they are granted access through the aAuthZ config file.
Now, I have a couple of questions:
What is the proper way (other than the honor system) to prevent users from commiting changes to any of the "tags" directories?
Is it possible to use SSPI to pass the members of the groups to AuthZ, rather than listing the members individually in the configuration file?