Problem with the path-based authorization


We have a Subversion server with lots of repositories and users authenticated via AD that has been running fine for the last few years. Now we have to restrict access to the repositories, and I have the following issue that I can't solve. There are users who should have access only to specific subfolders in a few repositories. So I restricted the access rights of all users to "no access" for all repositories and granted access rights to the users for the corresponding subfolders. Now we have the problem that such repositories are not visible and access to such repositories is only possible if the full path is used:

[/]
# Restrict access for all users
* = 

[repos1:/subdir1]
@user1 = rw

[repos1:/subdir2]
@user2 = rw

For user1 and user2, repos1 is not listed on the web page (mysvnserver/svn). TortoiseSVN cannot access the repository for these users. user1 and user2 can only access subdir1/subdir2 if the full path (mysvnserver/svn/repos1) is used. This implies that the users know which repositories exist and which parts of them they can access.

What I want is that user_group1 sees the repository and has full access only to subdir1 and user_group2 full access only to subdir2.

Allowing read-only access to the root for all users ([/] * = r) leads to user1 and user2 having read access to all repositories, which is not what we want. Other users would be able to create new folders in the top level of the repository, so it must be done this way: restrict access for all users and grant users access to the corresponding repository subdirs.

So how can I achieve it?

Answer:
[/]
* = r
[repos1:/subdir1]
@user1 = rw
@user2 =
[repos1:/subdir2]
@user1 =
@user2 = rw
[repos1:/subdir3]
@user1 =
@user2 =
[repos1:/subdir4]
@user1 =
@user2 =
…
[repos1:/subdirN]
@user1 =
@user2 =

[repos2:/]
* =
...
[reposN:/]
* =

i.e. allow read access only to the used repo (from /), and add write permissions where needed. And "inheritance" doesn't mean "no modification" or "no additional restrictions": try it.
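To make the difference between the two configurations checkable offline, here is an added example (not code from the question or the answer): a small Python evaluator that models Subversion's documented authz resolution (most specific path section wins, repository-specific section before global at each level, user rule over group rule over `*` inside a section). The thread's `@user1`/`@user2` are group names, so the example adds a constructed `[groups]` section (alice in user1, bob in user2, carol in neither); the member names and the two authz strings are constructed inputs, and the model leaves out aliases, `~` negation, `$authenticated`, wildcard paths and nested groups.

```python
"""Added example, not code from the thread: a small evaluator that models how
Subversion's path-based authz resolves access, so the question's and the
answer's configurations can be compared offline.

Resolution model (per the Subversion authz documentation): walk from the
requested path up to "/"; at each level a [repo:/path] section is checked
before a global [/path] section; the first section holding a rule that applies
to the user decides; inside a section a user rule beats group rules, which
beat "*". Simplified: no aliases, ~negation, $authenticated or wildcard
paths; nested groups are not expanded; several matching group rules are OR'ed.
"""
import configparser

# @user1/@user2 in the thread are group names; membership here is constructed:
# alice is in user1, bob in user2, carol in neither.
QUESTION_AUTHZ = """\
[groups]
user1 = alice
user2 = bob
[/]
* =
[repos1:/subdir1]
@user1 = rw
[repos1:/subdir2]
@user2 = rw
"""

ANSWER_AUTHZ = """\
[groups]
user1 = alice
user2 = bob
[/]
* = r
[repos1:/subdir1]
@user1 = rw
@user2 =
[repos1:/subdir2]
@user1 =
@user2 = rw
[repos1:/subdir3]
@user1 =
@user2 =
[repos2:/]
* =
"""


def parse_authz(text):
    """Return (groups, rules): groups maps name -> set of users; rules maps
    (repository or None, path) -> {principal: permission spec}."""
    cp = configparser.ConfigParser(allow_no_value=True, delimiters=("=",),
                                   interpolation=None)
    cp.optionxform = str  # principals and paths are case-sensitive
    cp.read_string(text)
    groups, rules = {}, {}
    for section in cp.sections():
        entries = {k: (v or "") for k, v in cp[section].items()}
        if section == "groups":
            groups = {g: {m.strip() for m in v.split(",") if m.strip()}
                      for g, v in entries.items()}
        elif section != "aliases":
            repo, _, path = section.partition(":") if ":" in section else (None, "", section)
            rules[(repo, path.rstrip("/") or "/")] = entries
    return groups, rules


def _section_verdict(entries, user, user_groups):
    """Precedence inside one section: user > groups > "*".
    None means nothing here applies to this user, so keep walking up."""
    if user in entries:
        return set(entries[user]) & {"r", "w"}
    hits = [entries["@" + g] for g in sorted(user_groups) if "@" + g in entries]
    if hits:
        return set().union(*(set(h) & {"r", "w"} for h in hits))
    if "*" in entries:
        return set(entries["*"]) & {"r", "w"}
    return None


def effective_access(authz, repo, path, user):
    """Permissions ({'r','w'}, {'r'} or empty) of user on repo:path."""
    groups, rules = authz
    user_groups = {g for g, members in groups.items() if user in members}
    parts = [p for p in path.split("/") if p]
    for depth in range(len(parts), -1, -1):  # most specific path first
        candidate = "/" + "/".join(parts[:depth])
        for key in ((repo, candidate), (None, candidate)):
            if key in rules:
                verdict = _section_verdict(rules[key], user, user_groups)
                if verdict is not None:
                    return verdict
    return set()  # no applicable rule anywhere: access denied


def visible_repositories(authz, repos, user):
    """The server index (and a client checkout) only shows a repository whose
    root the user can read, which is what the question observed."""
    return [r for r in repos if "r" in effective_access(authz, r, "/", user)]


if __name__ == "__main__":
    for label, text in (("question", QUESTION_AUTHZ), ("answer", ANSWER_AUTHZ)):
        authz = parse_authz(text)
        for user in ("alice", "bob", "carol"):
            print(label, user, visible_repositories(authz, ["repos1", "repos2"], user),
                  sorted(effective_access(authz, "repos1", "/subdir1", user)))
```

Running it shows why the question's configuration hides repos1: with `[/] * =` and no rule for the root of repos1, alice gets nothing at `repos1:/` and the repository is not listed, even though `repos1:/subdir1` resolves to rw. With the answer's configuration the root reads as `r`, so repos1 is listed, the explicit empty rules deny the other subdirs, and `[repos2:/] * =` keeps the other repositories hidden. The evaluator also exposes the caveat of that layout: a user in neither group (carol) still reads `repos1:/subdir1`, because no rule in that section matches her and the walk falls back to `[/] * = r`, and the same applies to any newly created top-level folder; denying those requires a `* =` line in each subdir section. On a real server the same question is answered against the live file with the `svnauthz accessof` tool shipped with Subversion, for example `svnauthz accessof --username alice --repository repos1 --path /subdir1 /path/to/authz` (the file path is a placeholder), which prints rw, r or no.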