What source control systems have file level permissions?

views:

286

answers:

+3 Q:

What source control systems have file level permissions?

I might propose migrating away from VSS due to its inability to grant and deny permissions at the file level. The question is what source control systems allow this.

Update I am marking the SVN answer as the "correct" one, since it had the most feedback. However, there is no correct answer. I will make my recommendations to management based on all your feedback.

+2 A:

Perforce does.

Michael Burr 2009-06-13 23:43:33

I'll have to test drive the perforce IDE integration. I used the command line version a bit for read-only access to the [Open Watcom](http://www.openwatcom.com) repository, but I will never be able to sell my company on something without Visual Studio support.

Justin Dearing 2009-06-13 23:46:26

Perforce supports an SCC plug-in for VS integration. However, I've found VS's SCC support to not be great for any source control system (not Perforce's fault - I think SCC is probably a poor interface). Maybe your team will have a better opinion of it.

Michael Burr 2009-06-13 23:49:51

I agree that VS SCC integration sucks in general, my colleagues do not.

Justin Dearing 2009-06-13 23:53:53

+5 A:

subversion does too, but the ACL is managed in a configuration file

Evert 2009-06-13 23:44:56

The question is will someone sell me a GUI tool that will edit the apache config files and provide support. I'm ok with editing text files and running an open source product I don't pay for. Management is not.

Justin Dearing 2009-06-13 23:52:52

No, but they'll give you one for free (I'd donate if you're pleased with it). The VisualSVN msc snap-in allows you to set permissions with an interface you'll be familiar with - down to the file level.

gbjbaanb 2009-06-14 00:11:29

and you get Active Directory logins using it too, there's really very little reason not to upgrade to SVN.

gbjbaanb 2009-06-14 00:12:25

If you don't want to run Apache, because the machine is already running IIS, then you can also use the svnserve.exe server. Google PainlessSVN, which deals with how svnserve works.

hectorsosajr 2009-06-14 00:25:24

There's a free GUI tool for managing Windows SVN servers: VisualSVN Server (http://www.visualsvn.com/server). The GUI supports access control down to the directory level - it's not clear from the description if it also supports file-level control (which is supported by svn in the config files). I used VisualSVN Server briefly a while back, so I'm by no means an expert, but it seemed a pretty nice package.

Michael Burr 2009-06-14 02:20:52

off-topic: thanks all for pushing me to a 1000 reputation points :)

Evert 2009-06-14 03:34:39

+3 A:

I'm not really answering your question, but I think it's not a very useful feature to have permissions on VCS. People should know where they're allowed to commit, people should be reviewing commits, and if someone's committing where they're not supposed to:

You catch it in the review
You roll back the change (which is what a VCS is designed for)
You figure out why: was it a mistake, or on purpose?

If you're worried that people will make unauthorized changes, then you have a social problem that the permissions won't fix. If you're worried that people will accidentally make changes to the wrong code, then you have a different social problem (lack of review) that the permissions also won't fix.

Dietrich Epp 2009-06-14 00:01:48

This may be fine for smaller organizations, but in a larger organization enforcing access control is often a requirement. There are also times when it might be a contractual requirement (and I wouldn't be surprised if at times there are even legal requirements).

Michael Burr 2009-06-14 00:07:34

I agree sometimes problems like these require social convention and process (code reviews) as opposed to security. However, when dealing with things like outside contractors, and process control, such security has merit.

Justin Dearing 2009-06-14 00:11:51

If you are using VSS now, Team Foundation Version Control (TFVS) is the logical upgrade, especially if your corporate mandate is Microsoft-only tools.

http://msdn.microsoft.com/en-us/library/ms364074.aspx

Robert Harvey 2009-06-14 01:20:34

Does it satisfy my requirements? Specifically, file level permissions?

Justin Dearing 2009-06-16 23:24:56

A complete rundown of the various permission levels and their meaning is provided here: http://msdn.microsoft.com/en-us/library/ms252587.aspx

Robert Harvey 2009-06-17 02:22:09

The short answer is yes.

Richard Berg 2009-06-22 14:46:06

Thanks, Richard. It was not at all clear to me from the specifications, although with the level of detail provided I assumed that it was possible.

Robert Harvey 2009-06-22 15:17:22

+1 A:

Whatever its other flaws, IBM Rational Clearcase does support file-level permission controls. It also has other mechanisms that you can use - notably triggers which can be written to cause an otherwise permitted checkin to fail.

Jonathan Leffler 2009-06-14 02:11:07

SVN supports triggers. They call them hooks. Some will fail commits that don't meet certain conditions (e.g. one forces the files to all have mime types set) and others trigger external actions like continuous integration builds and email notifications.The fact that this is an IBM product might make this more palatable to my employer though.

Justin Dearing 2009-06-14 11:51:53

+1 A:

Mercurial does, with the bundled Acl extension

yanjost 2009-06-30 07:25:12

Take a look at Plastic SCM and it's ACL model.

pablo 2009-06-30 16:50:46

ansaurus

tags:

views:

answers:

What source control systems have file level permissions?

related questions