How can you limit access to a depot or stream via AccuRev's user groups?

0 Likes

How can you limit access to a depot or stream via AccuRev's user groups and access control lists (ACLs)?

ANSWER:

Here are the steps for setting up limited access to a depot named ACME and for a stream named "Gizmo_QA":

1. Create a group that will have full access to the ACME depot. We'll assume the group is called GroupA.
<accurev mkgroup GroupA>

Create a group that will have full access to the Gizmo_QA stream. We'll assume the group is called QA.
<accurev mkgroup QA>

2. Add the appropriate users to the groups.
<accurev addmember joe_user GroupA>
<accurev addmember joe_user QA>

3. Create two ACL's to limit access to the ACME depot:
<accurev setacl depot ACME anyuser none>
<accurev setacl depot ACME authuser none>
Note: the "anyuser" ACL restricts access for users who do not have a password on the server; the "authuser" ACL restricts access for those who have a password on the server.

Create the ACL's to limit access to the Gizmo_QA stream:
<accurev setacl stream Gizmo_QA anyuser none>
<accurev setacl stream Gizmo_QA authuser none>

4. Create the ACL that will grant full access to the group.
<accurev setacl depot ACME GroupA all>
The above ACL grants full access to all the users in the GroupA group for the ACME depot.

<accurev setacl stream Gizmo_QA QA all>
The above ACL grants full access to all the users in the QA group for the Gizmo_QA stream.

5. Verify that all the ACLs have been set:
<accurev lsacl depot>
Project Group rights
ACME anyuser none
ACME authuser none
ACME GroupA all
Now only the GroupA users can access the depot.

<accurev lsacl stream>
Project Group rights
Gizmo_QA anyuser none
Gizmo_QA authuser none
Gizmo_QA QA all
Now only the QA group users can access the Gizmo_QA stream.

NOTE: The users in GroupA and QA need to be authenticated users in order to access the ACME depot and QA stream, respectively. This means that they need to have a password set on the server and the password stored on their client machine must match that password. If they are not authenticated, then they will be viewed as "anyuser" and access will be denied.

Note: The above operations can also be performed in the gui from the "Security" tabbed page.

Comment List
Anonymous
Related Discussions
Recommended