mawg Posted September 7, 2013 Report Share Posted September 7, 2013 Typical newbie mistake :-)I wanted to try out permissions and I created a group, went to the repository permissions, add the group, saw that it had a bunch of permissions (not all, but assumed the important ones & I could change them later) then went to permissions for all users and deselected all.Clicked ok and was told that I don't have read access on the repository. So, now i am locked out :-)Not the end of the world, it was only the first checkin, so no history was lost.However, I have coded permission s/w myself and I always put in a check for things like that or deleting the last admin user or taking away his admin privileges, etc, before executing any permission changes. Maybe you want to think about it?Don't feel bad about it. Even MicroSoft let me remove access from all to my C: drive and left me with no option but a complete reinstall ;-) Link to comment Share on other sites More sharing options...
mawg Posted September 7, 2013 Author Report Share Posted September 7, 2013 Update: "woops, I did it again ... la la la"This time, I am 100% sure that first gave all permissions to a group of which I was logged in as a member and secondly removed all permissions from the all users group, then was told, when I clicked OK, that I don't have read or change permission.I guess that all users overrides my group setting?And I can't remove the "all users" group from the privileges?So, how do I configure to say "only users in this group have access, and no one else?".And is there any way that I can "unhide" those repositories, or else delete them, even if manually? I can't think of any more meaningful names for the repository :-)Sorry to be such a clueless newbie Link to comment Share on other sites More sharing options...
calbzam Posted September 12, 2013 Report Share Posted September 12, 2013 Hi, I would recommend you, first of all, to change the repository server owner to a known user. This way , you will be able to change the permissions if they are modified my mistake. If you have a user in two groups, the deny operation overrides your group settings. You can remove "ALL_USERS" group from the permissions configuration panel or you can leave the permissions for "ALL_USERS" neither allowed nor denied. This way your group permissions will not be overridden. The owner has all the permissions, so will never lose them. If you get stuck because there is no way to recover the permissions, I will send you the way to modify the database to recover them. When you say that you want to unhide or delete repositories, you mean configure permissions to allow or deny it? Regards, Carlos Link to comment Share on other sites More sharing options...
mawg Posted September 13, 2013 Author Report Share Posted September 13, 2013 hi, Carlos, thanks for the explanation. There really is excellent support with PlasticSCM. However, I am still confused, because I think that what I am doing is intuitive. Can you please try this with a dummy repository? "I would recommend you, first of all, to change the repository server owner to a known user." - by default, the owner is the one who created the repository (me). 0) I create a new repository & workspace. 1) I give myself all permissions 2) "You can remove "ALL_USERS" group from the permissions configuration panel " I try to remove "all users" and am told "Cannot remove an inherited entry". (if this were my code, as soon as I added a second user or group, I would change the text of "all users" to "other users" or "all other users" & change it back if I removed users/groups until that was the only one left - text would be "all users" again"). 3) "or you can leave the permissions for "ALL_USERS" neither allowed nor denied" - the permissions are checked, but grey, so it seems that my only option is ... 4) I deny everything for all users, because it has many permissions that I don't want anyone except for me to have. I should be the only only one who even knows that this repository exists. This results in me being told that I don't have read access and suddenly the repository is no longer visible in my list of repositories. 5) since I cannot remove All Users from the list of users and I cannot Deny it any privileges, I login on a 2nd PC as a different user and can see the repository and all files in it. How can I avoid that? "The owner has all the permissions, so will never lose them." If you repeat the above you will that it isn't so. "If you get stuck because there is no way to recover the permissions, I will send you the way to modify the database to recover them. " yes, please! Thanks! Sorry to be so dumb, but I don't feel comfortable using PlasticSCM until I resolve this. Perhaps ... In my case, I only need two groups of people, so I can user two servers, but I doubt that that is the best solution. Also, once I have configured the client, anyone with access to my machine can click its icon & log in without giving a password. Ok, I use a Windows screen saver with password. Link to comment Share on other sites More sharing options...
calbzam Posted September 13, 2013 Report Share Posted September 13, 2013 Hi, You cannot remove "ALL_USERS" or any other group in your repository permissions, because the permissions are being inherited. There are two different permission levels - Repository server permissions - Repository permissions. The permissions you set at a "repository server level", will be inherited at the "repository level". When I said "The owner has all the permissions" I meant the repository server owner, but not the repository owner. You can modify the permissions at the "repository level", but the repository sever permissions will also be applied and cannot be modified in this level. At "repository server level", you can remove "ALL_USERS" group from the permissions configuration panel or you can leave the permissions for "ALL_USERS" neither allowed nor denied and no permissions will be inherited to the "repository level". Regarding the last question, once a Plastic is configured (user, password), you won´t need to insert the password each time you open Plastic. If more users are going to use your machine, we can study other possibilities, but it´s the default behavior. I´ve sent to your mail a guide to restore permissions in case you cannot set your user as repository server owner. Regards, Carlos Link to comment Share on other sites More sharing options...
mawg Posted September 16, 2013 Author Report Share Posted September 16, 2013 Ok, I uninstalled PlasticSCM (which, I suspect does not complete uninstall, as it looked like some configuration was left behind (but I might be wrong); I get annoyed with programs that don't do that, but even the best professional install programs don't seem to get it right), then re-instaleld. Then I actually read the excellent on-line documentation; and I read the excellent help provided by the very patient Carlos. Then I thought about it and here is what I did, in case it is of help to anyone else (Carlos, please correct me if I am wrong). Firstly, I tried to realize the difference between the menu items Permissions and Repository Server Permissions (on the right-click menu of all repositories). It seems to me that Permissions applies to a single repository and Repository Server Permissions applies to all repositories on a given server (some projects may have multiple servers, personally I only have one). Permissions are inherited & if one thinks in terms of Object Orientation then the Repository Server Permissions are the absolute base class - the ancestor of all permissions. Where the OO analogy breaks down in that during inheritance it is possible to add permissions, but not to remove those which are given by an ancestor. And that explains my original problem - by default, everyone (group All Users) has every permission in the base class Repository Server Permissions. So, what I did was to create a new user called Admin and give that all permissions in Repository Server Permissions. Now, if I ever mess up then I, being the only one who knows the Amin password, can put things right again. *AFTER* creating the emergency Admin user (and definitely *NOT* before - I can't stress that enough), edited the Repository Server Permissions for the group All Users and simply removed the "View" permission. Removing View from the absolute bases class of permissions for the server means that "everyone else" can't even see that any repositories exist on the server. In this case, "everyone else" means anyone who is not explicitly given access. So, when I create anew repository, I might give full access to all members of a group called Coders and read only to a group called Testers (since I don't want them changing the code). The actual permissions are not so important here, that's up to the creator of the repository to decide, the point I am trying to make is that now, after what I did to the Repository Server Permissions, anyone who is not a member of Coders or Testers doesn't even know that the repository exists and so cannot access it. Which is what I wanted; YMMV Carlos, is that about right? I will look again at which permissions I set in Repository Server Permissions; I am thinking, for instance, that I might remove the "Change Owner" permission, so that now only my Admin user can change the owner of a repository. In fact, I think that you ought to consider creating a setup such as I described (perhaps just one setting, perhaps a wizard) when first setting up a repository server (installing the server s/w). I believe that would appeal strongly to larger companies with big IT departments, S/w QA, etc. Anyway, thanks again for an excellent & well-documented product and for your patience in helping me. Link to comment Share on other sites More sharing options...
calbzam Posted September 16, 2013 Report Share Posted September 16, 2013 Hi, When you uninstall Plastic, all the binaries are removed, but your configuration files still remain. You can manually remove them if necessary. I think your workflow is right in your scenario. If you find any issue, let us know, but it makes sense. Thanks for your feedback!! It´s appreciated. Regards, Carlos Link to comment Share on other sites More sharing options...
Rixxo Posted February 12, 2014 Report Share Posted February 12, 2014 Hi, I would recommend you, first of all, to change the repository server owner to a known user. This way , you will be able to change the permissions if they are modified my mistake. If you have a user in two groups, the deny operation overrides your group settings. You can remove "ALL_USERS" group from the permissions configuration panel or you can leave the permissions for "ALL_USERS" neither allowed nor denied. This way your group permissions will not be overridden. The owner has all the permissions, so will never lose them. If you get stuck because there is no way to recover the permissions, I will send you the way to modify the database to recover them. When you say that you want to unhide or delete repositories, you mean configure permissions to allow or deny it? Regards, Carlos Hi Carlos, can you please explain how it is possible recover the permissions by the modification of the database. Thanks EDIT: not worry I did by my-self thanks anyway. Link to comment Share on other sites More sharing options...
calbzam Posted February 17, 2014 Report Share Posted February 17, 2014 Hi, If you have the problem again, you can reach me: calba at codicesoftware dot com And I will send you the steps by editing the database. Regards, Carlos Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.