Path-based access control (or path-based authorisation) is a feature that allows repository administrators to control access to parts of the repository (i.e., the path in the repository) for certain users or groups of users.
File Syntax
The syntax of the authz
and groups
files is similar to the syntax of Subversion's configuration files, but there are some important differences:
- Authorisation files can not be empty and must contain at least one section header.
- Section and option names are case-sensitive.
- Sections can not be reopened — this means that rules can be defined only once.
- Value expansion is not performed.
- Default values, and the
[DEFAULT]
section itself, can not be used.
Future change: SVN-4795 proposes changing how section headers are parsed.
Differences from previous versions:
- Section and option names are case-sensitive since version 1.7; they were case-insensitive in previous versions.
- Before version 1.10, rules could be redefined, and value expansion and
[DEFAULT]
values were supported.
Groups
Aliases
Rules
The following is a formal definition of the authorisation file syntax, in BNF:
<authz-file> ::= <records> | <ignored> <records>
<ignored> ::= <empty> | <comment> | <ignored> ( <empty> | <comment> )
<records> ::= <section> | <records> <record>
<record> ::= <empty> | <comment> | <section> | <entry>
<empty> ::= <opt-space> <line-end>
<comment> ::= "#" <opt-text> <line-end>
<section> ::= "[" <section-name> "]" <opt-text> <line-end>
<entry> ::= <option> | <option> <continued>
<option> ::= <key> <opt-space> <key-sep> <opt-text> <line-end>
<continued> ::= <continuation> | <continued> <continuation>
<continuation> ::= <space> <text> <line-end>
<section-name> ::= "groups" | "aliases" | <rule>
<rule> ::= <opt-glob> <opt-repos> <path>
<opt-glob> ::= ":glob:" | ""
<opt-repos> ::= <repos> ":" | ""
<repos> ::= <repos-char> | <repos> <repos-char>
<path> ::= "/" | <path> <path-char>
<line-end> ::= <LF> | <end-of-file>
<space> ::= <space-char> | <space> <space-char>
<text> ::= <non-space> | <text> <text-char>
<key> ::= <key-start> | <key-start> <key-cont> <key-end>
<key-cont> ::= <key-char> | <key-cont> <key-char> | ""
<opt-space> ::= <space> | ""
<opt-text> ::= <opt-space> <text> | ""
<end-of-file> ::= (the end of the file)
; Character classes
<space-char> ::= <BS> | <TAB> | <VT> | <FF> | <CR> | <SPC>
<text-char> ::= (any character except <LF>)
<path-char> ::= (any <text-char> except "]")
<repos-char> ::= (any <path-char> except ":")
<non-space> ::= (any <text-char> except <space-char>)
<key-sep> ::= "=" | ":"
<key-start> ::= (any <non-space> except <key-sep>, "#" and "[")
<key-end> ::= (any <non-space> except <key-sep>)
<key-char> ::= (any <text-char> except <key-sep>)
; Characters (ASCII and Unicode names)
<BS> ::= U+0008 BACKSPACE
<TAB> ::= U+0009 CHARACTER TABULATION
<LF> ::= U+000A LINE FEED
<VT> ::= U+000B LINE TABULATION
<FF> ::= U+000C FORM FEED
<CR> ::= U+000D CARRIAGE RETURN
<SPC> ::= U+0020 SPACE
HowTo
Validating In-Repository Authorisation Files
References
-
SVN-4762
-
Getting issue details...
STATUS
-
SVN-4793
-
Getting issue details...
STATUS
-
SVN-4794
-
Getting issue details...
STATUS
-
SVN-4795
-
Getting issue details...
STATUS
-
SVN-4802
-
Getting issue details...
STATUS
-
SVN-4803
-
Getting issue details...
STATUS
-
SVN-4204
-
Getting issue details...
STATUS