You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 34
Next »
Path-based access control (or path-based authorisation) is a feature that allows repository administrators to control access to parts of the repository (i.e., the path in the repository) for certain users or groups of users.
File Syntax
The syntax of the authz and groups files is similar to the syntax of Subversion's configuration files, but there are some important differences:
- Authorisation files can not be empty and must contain at least one section header.
- Section and option names are case-sensitive.
- Sections can not be reopened — this means that rules can be defined only once.
- Value expansion is not performed.
- Default values, and the
[DEFAULT]
section itself, can not be used.
Future change: SVN-4795 proposes changing how section headers are parsed.
Differences from previous versions:
- Section and option names only became case-sensitive in version 1.7.
- Before version 1.10, rules could be redefined, and value expansion and
[DEFAULT]
values were supported.
Groups
Aliases
Rules
The following is a formal definition of the authorisation file syntax, in BNF:
<authz-file> ::= <records> | <ignored> <records>
<ignored> ::= <empty> | <comment> | <ignored> ( <empty> | <comment> )
<records> ::= <section> | <records> <record>
<record> ::= <empty> | <comment> | <section> | <entry>
<empty> ::= <opt-space> <line-end>
<comment> ::= "#" <opt-text> <line-end>
<section> ::= "[" <section-name> "]" <opt-text> <line-end>
<entry> ::= <option> | <option> <continued>
<option> ::= <key> <opt-space> <key-sep> <opt-text> <line-end>
<continued> ::= <continuation> | <continued> <continuation>
<continuation> ::= <space> <text> <line-end>
<section-name> ::= "groups" | "aliases" | <rule>
<rule> ::= <opt-glob> <opt-repos> <path>
<opt-glob> ::= ":glob:" | ""
<opt-repos> ::= <repos> ":" | ""
<repos> ::= <repos-char> | <repos> <repos-char>
<path> ::= "/" | <path> <path-char>
<line-end> ::= <LF> | <end-of-file>
<space> ::= <space-char> | <space> <space-char>
<text> ::= <non-space> | <text> <text-char>
<key> ::= <key-start> | <key-start> <key-cont> <key-end>
<key-cont> ::= <key-char> | <key-cont> <key-char> | ""
<opt-space> ::= <space> | ""
<opt-text> ::= <opt-space> <text> | ""
<end-of-file> ::= (the end of the file)
; Character classes
<space-char> ::= <BS> | <TAB> | <VT> | <FF> | <CR> | <SPC>
<text-char> ::= (any character except <LF>)
<path-char> ::= (any <text-char> except "]")
<repos-char> ::= (any <path-char> except ":")
<non-space> ::= (any <text-char> except <space-char>)
<key-sep> ::= "=" | ":"
<key-start> ::= (any <non-space> except <key-sep>, "#" and "[")
<key-end> ::= (any <non-space> except <key-sep>)
<key-char> ::= (any <text-char> except <key-sep>)
; Characters (ASCII and Unicode names)
<BS> ::= U+0008 BACKSPACE
<TAB> ::= U+0009 CHARACTER TABULATION
<LF> ::= U+000A LINE FEED
<VT> ::= U+000B LINE TABULATION
<FF> ::= U+000C FORM FEED
<CR> ::= U+000D CARRIAGE RETURN
<SPC> ::= U+0020 SPACE
HowTo
Validating In-Repository Authorisation Files
References
-
SVN-4762
-
Getting issue details...
STATUS
-
SVN-4793
-
Getting issue details...
STATUS
-
SVN-4794
-
Getting issue details...
STATUS
-
SVN-4795
-
Getting issue details...
STATUS
-
SVN-4204
-
Getting issue details...
STATUS