Can I restrict access to my Subversion repositories?

Once you have created your SVN repositories, you may also wish to configure permissions to control who has access to your files.

By default, anonymous users are allowed unrestricted read/write access to a new repository without being prompted for a username or password. This is fine for getting started quickly, however in most situations you would probably want to restrict this to only allow access to authorized users.

How to restrict repository access to specific users:

  1. Log in to the Control Panel using your ProjectHut account username and password.
  2. Click on the Users menu link.
  3. Click on Create a New User.
  4. Enter a name and password for the user, and click Create.
  5. Click on the Subversion Permissions menu link and select the repository you wish to configure permissions for.
  6. You may wish to disable access for anonymous users entirely, so click on the edit link next to the default anonymous user.
  7. In the drop-down box, select the access is denied option, and click Update Rule.
  8. To allow a specific authenticated user full access to the repository, click on the add button next to the root / path to add a new rule.
  9. Select the User you wish to assign permissions for, and select whether you would like to assign full read/write access, or only read-only (read-only means they can browse and check out the code, but not commit any changes).
  10. Click Add Rule to apply the permission.

Now, if you attempt to access the repository URL using your web-browser or Subversion client (e.g. TortoiseSVN), you will be prompted for a username and password and must supply the appropriate user credentials to match the configured rules.

On this page it is also possible to assign fine grain control to different paths within the repository. For example, you may wish to only assign read/write permissions for the tags/ directory to one user, and allow read-only access to everyone. This might be done in order to prevent tagged versions of files from being accidentally modified.

How to assign permissions to a specific repository path:

  1. Click on the Subversion Permissions menu link and select the repository you wish to configure permissions for.
  2. Locate the Create new rules for path: field.
  3. Enter the path you wish to provide additional restrictions to (e.g. tags/) and click Add.
  4. Assign specific permissions to this path by clicking the add link, as per the instructions above.

Note: Path permissions are cumulative, and in order to allow access for a user to a specific path, it is necessary to ensure that they have access to all the paths above it also. For example, even though you may have assigned permissions to the tags/ path, unless you have also assigned permissions to the root / then the user will not be able to access any paths under it, and hence be unable to access tags/ either.

In most cases you would normally only restrict access to the entire repository (i.e the root path /). Its only in specific cases that you would restrict sub-paths (e.g. the tags/ example above), but in doing so you must make sure that the users with access to the sub-path also have access to the parent path.

Groups and Permissions

In addition to assigning permissions to individual users, you can also create Groups of users (e.g. developers, testers, admin, etc), and assign permissions to the group instead. This can simplify the process of managing permissions for a large number of users by avoiding having to assign permission to each User individually.

Note: Groups are identified in the rule list by an @ symbol (e.g. @developers). Likewise, rules can be assigned to *anonymous to permit or restrict access from unauthenticated users.


Leave a Reply