tom.peters Posted July 23, 2012 Report Share Posted July 23, 2012 Good Day - We are running a fully distributed development environment and I need to start setting some permissions on certain folders within a repository. If I setup groups/user and folder item permissions on the central repository, will these be picked up by the developer servers when they sync? I ask because I do not want each developer to setup their own server's permissions. I want to be the one to do this and I'd hate to have to actually set it up for each and every developer. Thanks, Tom Link to comment Share on other sites More sharing options...
manu Posted July 23, 2012 Report Share Posted July 23, 2012 Hello Tom. yes, the permissions are propagated along with the replication operation. Some of our customers are not comfortable with this feature and they use the "--noacl" parameter to use the "cm replicate" command without the ACL propagation. Link to comment Share on other sites More sharing options...
tom.peters Posted July 23, 2012 Author Report Share Posted July 23, 2012 Brilliant! Thank you, very much! Link to comment Share on other sites More sharing options...
tom.peters Posted July 23, 2012 Author Report Share Posted July 23, 2012 Another question... Does this mean that the groups will be replicated, as well? Because we are fully-distributed, each developer has his/her own Plastic server. This means the security, therein, must be setup, properly, or this will not work...correct? Example: Group 'Developers' on the central repository is allowed to check-in, checkout on folders X and Y Group 'Testers' on the central repository is allowed to check-in, checkout only on folder Y Jim is a brand developer with his own local Plastic server. He only has ALL_USERS, right now. When he pulls the source from the central repository (thereby getting the ACL), will the Groups come over, too? If not, do we need to create a Group named 'Developers' on his server and, if so, will the replication recognize this group by name? I apologize for the seemingly endless questions, but the security guide does not discuss DVCS (and, if it does, I missed it). Thanks, Tom Link to comment Share on other sites More sharing options...
manu Posted July 24, 2012 Report Share Posted July 24, 2012 The scenario is going to work is the authentication is a central one, for example LDAP or AD. Can you tell me which kind of authentication are you using in your setup? Link to comment Share on other sites More sharing options...
tom.peters Posted July 24, 2012 Author Report Share Posted July 24, 2012 We are using UP. Link to comment Share on other sites More sharing options...
manu Posted July 24, 2012 Report Share Posted July 24, 2012 In that case I think it will be enough if you send your "users.conf" and groups.conf" files to your coworkers. Then, they need to copy them into their distributed servers directory and restart the server. That's all. Link to comment Share on other sites More sharing options...
tom.peters Posted July 24, 2012 Author Report Share Posted July 24, 2012 OK, so let's see if I got this right... If I setup everyone on the central repository (users and groups) and then distribute these files (users.conf and groups.conf), the users can restart their server and they will see all of the users/groups I setup on the central server. As permissions are changed on the central server, the users will pick up these permission changes when they pull from the repository. Is this correct? Link to comment Share on other sites More sharing options...
manu Posted July 24, 2012 Report Share Posted July 24, 2012 Yep! Link to comment Share on other sites More sharing options...
tom.peters Posted July 24, 2012 Author Report Share Posted July 24, 2012 I told you you guys were the coolest! Thanks! Link to comment Share on other sites More sharing options...
manu Posted July 24, 2012 Report Share Posted July 24, 2012 Tell me if everything works as expected! Link to comment Share on other sites More sharing options...
tom.peters Posted July 26, 2012 Author Report Share Posted July 26, 2012 Hi Manu - We are, currently, mapping out how we are going to implement permissions. This raised another question: If I deny permissions on the /main branch, will those permissions automatically be inherited by all descendants (child branches)? We have a group that can only check-in on specific branches which we will identify as they come up. I'd like to set that group to have no check-in permissions on all branches and then, as needed, grant check-in permission on specific branches. So, we have many branches and I was hoping that denying check-in to that group on /main would, thereby, deny it on all child branches. Thanks, Tom Link to comment Share on other sites More sharing options...
manu Posted July 26, 2012 Report Share Posted July 26, 2012 Hi Tom, I would recommend you to wait a little bit, we are about to release the new ACL system for Plastic SCM 4 and it will be much easier than the current one, we hope to have it released next week! But if you are really in a hurry we can speak about your scenario with the current system. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.