Version 1 (modified by 16 years ago) ( diff ) | ,
---|
This page documents the 1.4 (latest stable) release. Documentation for other releases can be found here.
Fine grained permissions
Current limitations
- No groups support in 0.8 (implemented in 0.9, see [1450])
- trac_authz config option doesn't accept relative path
Basic information
Fine grained permissions is the support of a mod_authz_svn file inside trac.
[/] * = r [/branches/calc/bug-142] harry = rw sally = r [/branches/calc/bug-142/secret] harry =
- / = Everyone has read access by default
- /branches/calc/bug-142 = harry has read/write access, sally read only
- /branches/calc/bug-142/secret = harry has no access, sally has read access (inherited as a sub folder permission)
Trac Configuration
To activate fine grained permissions you must specify the authz_file
option in the [trac]
section of trac.ini. If this option is set to null or not specified the permissions will not be used.
[trac] authz_file = /path/to/svnaccessfile
if you want to support the use of the [
modulename:/
some/
path]
syntax within the authz_file
, add
authz_module_name = modulename
where modulename refers to the same repository indicated by the repository_dir
entry in the [trac]
section.
Note: Usernames inside the Authz file must be the same as those used inside trac.
Subversion Configuration
The same access file is typically applied to the corresponding Subversion repository using an Apache directive like this:
<Location /repos> DAV svn SVNParentPath /usr/local/svn # our access control policy AuthzSVNAccessFile /path/to/svnaccessfile </Location>
More information about this file format and about its usage in Subversion is available in the Subversion Book (Per-Directory Access Control).
For information about how to restrict access to entire projects in a multiple project environment see TracMultipleProjectsSVNAccess
See also: TracPermissions