Managing and monitoring access control just got a little easier thanks to the introduction of versioned access control files in Subversion 1.8. You can now store the authz file often used to govern repository access when Subversion is running over Apache or svnserve.
The easiest way to try this is to check in your authz file, then reference it in the server configuration using relative repository syntax. Let’s say I have it in the repository under the path svn://repo-host/protected/authz. I would then refer to it in svnserve.conf:
authz-db = ^/protected/authz
You should, of course, make sure that only authorized users can see and change the authz file. You may worry that you’ll lock yourself out of the repository if you make a mistake that denies all write access to the authz file, but you can always temporarily switch Apache or svnserve back to using a local authz.
If you manage several related repositories, you can store all of their authz files in a central management repository, and refer to the authz files with local file syntax. In this case, all of the repositories must have access to the same file system.
With this change, Subversion takes one step closer to the ideal of ‘infrastructure as code’, taking a lesson from the DevOps space. In many ways, your SCM configuration is as important as the data in the SCM system itself, so capturing this data in the SCM system is simply good practice.
Grab a certified SVN 1.8 binary today and give it a try.
Subversion is a registered trademark of the Apache Software Foundation