Project administrators can give project members specific kinds of access to a whole
Subversion repository or any path within that repository.
Overview
You can specify access permissions for users with a given role at the repository
level, or at at the path level within a repository.
- When you set a permission for a role on any directory in the repository, all
directories and files under that directory get the same permission.
- When you set a permission on an individual file in the repository, there is no
effect on the permissions assigned to paths above the level of that file. (files
are just "paths" that terminate with a file names)
How you use path-based permissions will depend on whether you view permissions
primarily as a way to grant access or as a way to restrict access.
- Full access, with exceptions
- Give your company's own employees commit access to your whole source code
base, while allowing developers from contracting firms to commit only to
those parts of the code base that they are expected to work on.
- No access, with exceptions
- Assign all developers "No access" by default, then assign each type of
developer access to certain directories and files according to their
responsibilities.
Note: You can control access to a path or to an individual file. This is different from
normal Subversion checkout and commit operations, which are performed on directories
but not individual files.
No Access
When you deny all access to a repository for a role, users with that role cannot see
that the repository exists, except if:
- The role has View or Commit access to some directory within the repository. In
this case, users with this role can see the directories that contain the
directory they have access to.
- The user has another role that grants access to some part of the repository.
Note: An individual user can have multiple roles. When two roles have permissions that
conflict with each other, the role with the more expansive permissions takes
precedence.
View Only
Users with a role that has View Only access to a path can browse the contents of the
repository on the Web site or by connecting directly to the repository from a
client, such as Tortoise, CollabNet Desktop for Eclipse, or CollabNet Desktop for
Visual Studio.
View and Commit
Users with a role that has View and Commit permission to a path can browse and
download code, and can also check code into the repository.
Commit messages
When users monitor a repository, they receive commit announcements by email that
include the resources that their role permits them to see.
Users with a No Access role on a repository cannot monitor that repository to receive
commit messages by email.
By default, commit emails provide all the details about the commit that a logged-in
user can view in the Source Code application. A repository owner can elect to have
the notification emails omit most of the detail and provide only the commit ID
and the committer's user name.
Permissions at different levels
If two paths have different permissions, the permissions on the lower-level path take
effect. For example, consider a role that has "No Access" set for the path
/branches/version3/users, but has "View and Commit" access
to /branches/version3/users/vijay. A user with this role can:
- Check code in and out of the vijay directory.
- Click down through all the directories in that path, including
users. (Directories that are not included in the user's
permissions are not shown.)
Users with this role cannot:
- Check files in and out of the users directory.
- Monitor commits to users.
- Execute Subversion copy, move or delete operations that involve resources in the
users directory (or any other paths where the user has
View Only or No Access).
Toolbar button
If none of the available permissions (View Only,
View and Commit, or Path-based
Permissions) is selected for any repository, and none of the options
under Source Code Permissions is selected, users with this
role do not see the Source Code toolbar button.