Jump to content

Ed Harris


Recommended Posts

Hi Ed,

You were right, but there are two points in your proposal that need to be reviewed. We have been studing your case and I recommend you to follow these steps:

You must remove the following Repository Server permissions for the Developers group:

chgperm, chgowner, mkrepository, rm, rename

You must add a new group to Repository Server permissions with all permissions, called, for example Integrators. Users on this group will have all privileges on the SCM. No developer can belong to this group.

You must remove the following Workspace Server permissions for the Developers group

chgperm, chgowner, rm, rename

Again, you must add a new group to the Workspace Server (Integrators) with all permissions.

Now you must adjust permissions for each Repository and each Main Branch on each Repository.

For each Repository you must allow the following permissions to the Developers group:

rm, rename 

(developers need these permissions to delete or rename files on their branches, but they will never be able to rename or remove repositories, because the RepositoryServer doesn't have these permissions). When you create a new Repository, you will need to adjust these permissions.

For each Main Branch, you need to break the inheritance, copying inherited permissions. Then you must remove the following permissions to the Developers group:

mkrevision, applylabel 

(mkrevision permission is stronger than rm, rename, co, ci and unco permissions ... even though you can also remove these permissions if you want to)

Note that mklabel permission is allowed for Developers. It is your decission to allow or deny it for them. Sometimes a developer wants to apply a label to revisions in his branch, but he will never be able to apply a label in any main branch, because this permission is not given for him.

If you want to control this situation, you must remove applymarker permission from RepositoryServer permissions.

Let me know if you require any further explanation and what you think about this proposal,

Do not hesitate to contact me if you have further questions,

Kind Regards,


Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...