views:

286

answers:

7

I might propose migrating away from VSS due to its inability to grant and deny permissions at the file level. The question is what source control systems allow this.

Update I am marking the SVN answer as the "correct" one, since it had the most feedback. However, there is no correct answer. I will make my recommendations to management based on all your feedback.

+2  A: 

Perforce does.

Michael Burr
I'll have to test drive the perforce IDE integration. I used the command line version a bit for read-only access to the [Open Watcom](http://www.openwatcom.com) repository, but I will never be able to sell my company on something without Visual Studio support.
Justin Dearing
Perforce supports an SCC plug-in for VS integration. However, I've found VS's SCC support to not be great for any source control system (not Perforce's fault - I think SCC is probably a poor interface). Maybe your team will have a better opinion of it.
Michael Burr
I agree that VS SCC integration sucks in general, my colleagues do not.
Justin Dearing
+5  A: 

subversion does too, but the ACL is managed in a configuration file

Evert
The question is will someone sell me a GUI tool that will edit the apache config files and provide support. I'm ok with editing text files and running an open source product I don't pay for. Management is not.
Justin Dearing
No, but they'll give you one for free (I'd donate if you're pleased with it). The VisualSVN msc snap-in allows you to set permissions with an interface you'll be familiar with - down to the file level.
gbjbaanb
and you get Active Directory logins using it too, there's really very little reason not to upgrade to SVN.
gbjbaanb
If you don't want to run Apache, because the machine is already running IIS, then you can also use the svnserve.exe server. Google PainlessSVN, which deals with how svnserve works.
hectorsosajr
There's a free GUI tool for managing Windows SVN servers: VisualSVN Server (http://www.visualsvn.com/server). The GUI supports access control down to the directory level - it's not clear from the description if it also supports file-level control (which is supported by svn in the config files). I used VisualSVN Server briefly a while back, so I'm by no means an expert, but it seemed a pretty nice package.
Michael Burr
off-topic: thanks all for pushing me to a 1000 reputation points :)
Evert
+3  A: 

I'm not really answering your question, but I think it's not a very useful feature to have permissions on VCS. People should know where they're allowed to commit, people should be reviewing commits, and if someone's committing where they're not supposed to:

  • You catch it in the review
  • You roll back the change (which is what a VCS is designed for)
  • You figure out why: was it a mistake, or on purpose?

If you're worried that people will make unauthorized changes, then you have a social problem that the permissions won't fix. If you're worried that people will accidentally make changes to the wrong code, then you have a different social problem (lack of review) that the permissions also won't fix.

Dietrich Epp
This may be fine for smaller organizations, but in a larger organization enforcing access control is often a requirement. There are also times when it might be a contractual requirement (and I wouldn't be surprised if at times there are even legal requirements).
Michael Burr
I agree sometimes problems like these require social convention and process (code reviews) as opposed to security. However, when dealing with things like outside contractors, and process control, such security has merit.
Justin Dearing
A: 

If you are using VSS now, Team Foundation Version Control (TFVS) is the logical upgrade, especially if your corporate mandate is Microsoft-only tools.

http://msdn.microsoft.com/en-us/library/ms364074.aspx

Robert Harvey
Does it satisfy my requirements? Specifically, file level permissions?
Justin Dearing
A complete rundown of the various permission levels and their meaning is provided here: http://msdn.microsoft.com/en-us/library/ms252587.aspx
Robert Harvey
The short answer is yes.
Richard Berg
Thanks, Richard. It was not at all clear to me from the specifications, although with the level of detail provided I assumed that it was possible.
Robert Harvey
+1  A: 

Whatever its other flaws, IBM Rational Clearcase does support file-level permission controls. It also has other mechanisms that you can use - notably triggers which can be written to cause an otherwise permitted checkin to fail.

Jonathan Leffler
SVN supports triggers. They call them hooks. Some will fail commits that don't meet certain conditions (e.g. one forces the files to all have mime types set) and others trigger external actions like continuous integration builds and email notifications.The fact that this is an IBM product might make this more palatable to my employer though.
Justin Dearing
+1  A: 

Mercurial does, with the bundled Acl extension

yanjost
A: 

Take a look at Plastic SCM and it's ACL model.

pablo