Help on user repository access on upgrade

[tjruska]

I just converted in a non-prod environment from version 3.5.3 to 4.1.4. All seems well until I started looking at how user security will work and noticed something that I need help on.

We have build user accounts that have access to one repository for the purposes of running CCNet. So when I use that id and log into the v3.5.3 of Vault, that id only has access to one repository. Perfect. When I log into the v4.1.4 version of the same, that id now has access to every repository! What happened? Did I forget to do something as part of the upgrade process? Do I need to do something post-upgrade now? This will not make our security and auditors happy at all and I am glad I caught this now.

Tom

[lbauer]

Check whether repository access is enabled for all users. This setting is in the Admin Web Client under Source Control Repositories->(Repository name)->Repository Access

Also, check the rights for each of those accounts. This setting is in the Admin Web Client under Users->Username->Overview
Are those set properly? If they are, make sure Folder security is enabled for each repository. This setting is in the Admin Web Client under Source Control Repositories->(Repository name)->Folder Security.

Let me know what you find out.

[tjruska]

The "Default rights to the repository for all users" is set to "Access". I guess it should be "No Access"? "Folder Security was not enabled either. So I would need to ensure that the "Default rights to the repository for all users" is set to "No Access" for all existing repositories and that "Folder Security" is enabled for each too?

Is there anything else I need to do/check to ensure the security remains the same as before? We have over 100 repositories and almost 300 users.

Thanks, Tom

[lbauer]

Yes, though if you set No Access under Default Repository settings, it won't change existing repositories, just set No Access for new ones.

I'll check with our database developer to see if he can give you a SQL script to set all repositories to No Access and turn on Folder Security for all repositories.

[tjruska]

Great. i did find that under "Repository Access - Default Repository Settings"-->"Repository Default"-->"Default rights to the repository for all users", i f set it to No Access and hit the "Apply to other Repositories" did the trick. Please confirm that this is the correct procedure to reset all existing repositories to No Access.
If so, I have my answer. As to the enabling of folder securities, it turns out only a hand-full were not enabled. So i have a post upgrade task that will take me a few minutes which isn't all that bad. After doing this, I did log into the client using existing id's and the security was the same as before.

Thanks, Tom

[drmccue]

Tom,

>> Please confirm that this is the correct procedure to reset all existing repositories to No Access.

That is the correct procedure.

Best regards,
Dan McCue
SourceGear