Location-Aware Subversion Access Control

Almost all Subversion access control systems are role or group-based. Typically a particular group of developers has write access to the repository while another, larger group has read access, but sometimes it’s more useful to control access based on location. IP address-based or location-aware Subversion access control is one of the most powerful features of WANdisco’s SVN Access Control product.

SVN Access Control is a mature product, but it’s worth taking a look at some of the clever features that may not jump out at first glance. The foundations of SVN Access Control are simple management, LDAP integration, granular permissions down to the file level, and strong auditing, but IP address-based rules are one of the hidden gems.

Setting an IP address-based rule is easy; simply specify the range of applicable IP addresses when adding or editing the rule.

Still the question remains: why should you care about the IP address of a user? If that person is part of the team, why does it matter where they’re connecting from? There are many reasons, actually, but they boil down to two categories.

Not every part of the network is trusted as much as the main office LAN

  • We can limit access to sensitive data when developers are connecting over VPN.

  • We can grant different access to the same user if they’re working at a remote partner office versus the main office (and can audit what’s being accessed from remote sites, in the spirit of trust but verify).

More than just source code is stored in Subversion

  • We can make production environment and configuration data read-only on development machines, read-only on app servers, and writable only for authorized Ops workstations.

  • We can lock down data that we need to push to a public cloud for deployment.

  • We can make data read-only when accessed from a build server, just in case.

SVN Access Control is a powerful tool for securing and managing Subversion data. If you haven’t explored IP address-based rules yet, give it a shot. You may find they help solve some tricky problems. You can start with a free trial or talk to one of our Subversion experts first.



0 Responses to “Location-Aware Subversion Access Control”

  • No Comments

Leave a Reply