Tag Archive for 'access control'

Page 2 of 2

Intro to Subversion Access Control 4.1

Big plans are brewing at WANdisco for 2012, and one project that has just been completed, is Subversion Access Control 4.1.

Access Control 4.1 includes a revamped user interface. The new look makes it easier for users to navigate through the security features offered by Access Control and setup new rules and permissions for Subversion repositories and paths.

The ‘Group’ concept has been replaced with “Teams’ and a new feature has been added to allow the designation of “Team Leader” who is then granted some administrator privileges. Specifically, the Team Leader is able to setup user access rules to a pre-defined repository path (or paths).

We are calling this new feature Delegated Admin since it allows granting of some administrator privileges to users. The context of how this feature could be used might be best described in terms of business units for an enterprise corporation. Consider the following scenario.

A company has 100 Apache Subversion users split into 10 teams, each associated with a separate BU, each team has its own Subversion repository. In the past, Access Control admin can go in and setup repository security rules that applies to all 100 users and repositories. With delegated admin the Access Control administration can create 10 new Teams and assign a Team Leader to each one, specifying the Repository that team should have access to. From there, the Team Leader can log into the system, add/remove the users for the team, and setup multiple rules needed to properly manage those Subversion assets.

Effectively what delegated admin does is allow Team Leaders, people in charge of their respective Business Units, to define and configure their own team rules. Access Control supports the concept of nested-teams which is called Sub-Teams (see screenshot) and this would even allow you to further organize teams from larger sections into multiple sub-sections (eg: West Coast Branch –> Plugins Team; West Coast Branch –> Application Team) and designate a team leader at each level to manage users and rules.

The role of the Access Control administrator now is to simply define Team Leaders and the resources which they can direct access over. Once defined the Team Leader can only create rules that affect their resources meaning the West Coast Branch won’t be able to setup access rules for the East Coast Branch’s repositories and vice-versa.

The ability to delegate some administrator functionality to Team Leaders, and in the context of specific Subversion paths and repositories, is a powerful new feature that will empower enterprise organizations and save time and money. Team Leaders are able to set access restrictions based on the need and requirements of their given team or business unit and no longer have to rely on a single administrator to do that for them.

WANdisco Updates Subversion Access Control

We’re pleased to announce a substantial update to our complete authorization, audit and access control solution for Enterprise Subversion, Subversion Access Control.

Subversion Access Control 4.1 is an innovative security solution for Apache Subversion that provides full audit, authorization and access control capabilities that go well beyond what Subversion offers on its own. Some of the key benefits to employing Access Control include:

  • Delegated administration option that allows the root administrator to create teams and delegate administration authority to team leaders.
  • Automatic synchronization of Subversion Access Control with LDAP user and group configuration. Subversion Access Control automatically picks up LDAP user and group membership changes and assigns new users to the Subversion team that corresponds to their LDAP group.
  • Comprehensive audit capabilities that report every repository access attempt down to the file level, showing user, Subversion command, date and time and whether access was allowed or denied. Security administrators receive immediate alerts for any access violations.
  • Can be implemented standalone or in combination with Subversion MultiSite 4.1 for distributed development teams. With Subversion MultiSite, security policy changes made at one location are immediately replicated to every other to enforce consistency across all sites.

Subversion Access Control 4.1 is a substantial update for the product, not only adding a list of new functionality, but completely overhauling the underlying access model. The access control lists previously required to maintain complex security policies, have been replaced by an all-new, streamlined approach that applies access rules to hierarchical teams. For more information on what’s new and noteworthy in this update, see the Release Notes.

WANdisco will be hosting a free hour-long ‘Introducing Subversion Access Control 4.1’ webinar on April 12th. Early registration is recommended, as space is limited.