Hi all,

We are actively using authz path-based authentication rules: due to some legal requirements, some parts of our product source code are not accessible to a part of the developer team. Currently authz does not support wildcards (there is an issue about that [1], discussed since 2006). Because of this, each time a branch is created, authz rules have to be copied and modified for the new branch. This leads to a proliferation of authz rules; our authz is currently about 2000 lines and growing.

I am currently implementing a post-commit script so that we would be able to record authz rules on files/directories, and authz would be appended with new rules every time these files/directories are copied.

First, I am wondering how well such an 'authz' approach would scale. Has anyone run scalability tests on authz?

Second, I thought that if I am using properties to track authz-controlled files, the SVN server would probably do that more effectively than a post-commit script. As an added value, property-based authz would allow versioning in path-based auth configuration, which the current mechanism does not allow. E.g., currently one could configure path /foo as either R/O, R/W or inaccessible to user U; it is not possible to configure the path to be inaccessible before/after a certain revision.

Thoughts? Ideas?

Regards,
Alexey.

[1] http://subversion.tigris.org/issues/show_bug.cgi?id=2662
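Added example, not part of the original message and not Subversion's or the poster's code: a sketch of the rule-copying step such a post-commit script would need, deriving the authz sections to append when a path is copied to a new branch. The function names, the `repo` parameter and the sample authz file are assumptions made for illustration.

```python
import re

# Path sections look like [/path] or [repo:/path]; [groups] and [aliases] do not match.
SECTION = re.compile(r"^\[(?:(?P<repo>[^:\]/]+):)?(?P<path>/[^\]]*)\]$")

# Constructed sample authz file (not from the original post).
SAMPLE_AUTHZ = """\
[groups]
cleared = alice, bob

[/trunk]
* = rw

[/trunk/licensed]
* =
@cleared = rw

[/trunk2/licensed]
* = r

[/branches/1.0/licensed]
* =
@cleared = rw
"""

def parse_path_sections(authz_text):
    """Return [(repo, path, [rule lines])] for every path section."""
    sections, rules = [], None
    for line in (raw.strip() for raw in authz_text.splitlines()):
        m = SECTION.match(line)
        if m:
            rules = []
            sections.append((m.group("repo"), m.group("path").rstrip("/") or "/", rules))
        elif line.startswith("["):
            rules = None                      # [groups], [aliases]: nothing to copy
        elif rules is not None and line and not line.startswith("#"):
            rules.append(line)
    return sections

def rules_for_copy(authz_text, src, dst, repo=None):
    """Sections to append after non-root `src` was copied to `dst`.
    Rules inherited from ancestors of `src` are not materialized here."""
    src, dst = src.rstrip("/"), dst.rstrip("/")
    sections = parse_path_sections(authz_text)
    existing = {(r, p) for r, p, _ in sections}
    out = []
    for sec_repo, path, rules in sections:
        # Match whole path components only, so /trunk never picks up /trunk2.
        if sec_repo not in (None, repo) or not (path == src or path.startswith(src + "/")):
            continue
        new_path = dst + path[len(src):]
        if (sec_repo, new_path) in existing:  # never shadow a hand-written rule
            continue
        prefix = f"{sec_repo}:" if sec_repo else ""
        out.append("\n".join([f"[{prefix}{new_path}]", *rules]))
    return "\n\n".join(out)
```

Until the generated sections are appended to the authz file, the copied restricted paths are covered only by whatever rules the destination inherits, so the output is worth reviewing against the destination's parent sections.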
