VAULT 3.0 user/group access control
Moderator: SourceGear
VAULT 3.0 user/group access control
I don't understand the point of groups and users when they don't relate to repositories. I would like to create 2 groups; Platform_A and Platform_B. Platform_A users can only access Repository_A while Platform_B users can only access Repository_B. How is this setup? The group dialog does not apply to a repository, neither does the user dialog. Managing repository access by user (which seems to be the only way) defeats the purpose of group management control. What am I missing?
Folder Security
I found the answer to my own question. You need to turn on Folder Security for each repository, then go to the Groups dialog and use Security button to assign a repository for group access.
Great product!
Great product!
Circular security
Still confusion on associating a user to a particular repository access by using groups. Once again, I have two repositories; R1 and R2. I have two groups; G1 and G2. For repositories R1 and R2, I enable folder security. Then I create groups G1 and G2. For G1, I select "Security Rights" in the group dialog and add an assignment to access repository R1. I add user U1 to G1. I carry out the same operations such that G2 has an assignment to access repository R2. This time, however, U1 is not part of group G2. So U1 should only be able to connect to repository R1.
Now here is the clincher, when I logon to Vault as U1, I can select either R1 or R2. If I choose R2, I have full access!
Going back to the Admin Tool, I select U1 in the user dialog, select the "Security" button, and I find check boxes to enable access to repositories G1 and G2 and both are enabled eventhough U1 only belongs to group G1 which in turn has access to R1. This set of check boxes SHOULD NOT BE THERE or they should be disabled when Folder Security is enabled and hence controlled by the group panel....
Now here is the clincher, when I logon to Vault as U1, I can select either R1 or R2. If I choose R2, I have full access!
Going back to the Admin Tool, I select U1 in the user dialog, select the "Security" button, and I find check boxes to enable access to repositories G1 and G2 and both are enabled eventhough U1 only belongs to group G1 which in turn has access to R1. This set of check boxes SHOULD NOT BE THERE or they should be disabled when Folder Security is enabled and hence controlled by the group panel....
Vault by default gives users access - setting up security is a way to take away those default rights. So, you have to explicitly remove a user's access to a repository for them not to have it.
We've had other requests to toggle this, or add an option to toggle it, which we do think is a good idea.
Repository level access is fairly easy to turn off for a user - go to the user's tab and uncheck the repository, or go to the repository properties and uncheck the user (in Repository Access tab). And, yes, we agree it is a pain to remember to do this for each user when you add them. Also, it would be nice to allow groups to turn on/off repository access this way too, and we do plan to do that as well.
Sorry for the confusion.
We've had other requests to toggle this, or add an option to toggle it, which we do think is a good idea.
Repository level access is fairly easy to turn off for a user - go to the user's tab and uncheck the repository, or go to the repository properties and uncheck the user (in Repository Access tab). And, yes, we agree it is a pain to remember to do this for each user when you add them. Also, it would be nice to allow groups to turn on/off repository access this way too, and we do plan to do that as well.
Sorry for the confusion.
Group vs. user security
The idea of group security is to handle access to a class of users. I've got lost of users to keep track of so doing it on a user by user basis is a pain. Anyway, its clear that you guys recognize this and hopefully we'll see an improved interface in the future to handle this issue. Thanks.