Search Unity

Question Permissions management

Discussion in 'Unity Version Control' started by crossmr, Mar 8, 2023.

  1. crossmr

    crossmr

    Joined:
    Aug 23, 2019
    Posts:
    19
    Am I missing something here or is it really this laborious?

    We have a situation where we have a couple dozen repos. We have a contractor come in to work on something specific. Logic would dictate I could set the default behaviour for their group to 'deny all' and then go to the one repo I want them to be able to access and give them permissions there. But that doesn't work. They can't see it because the server permissions override the repo permissions even if I click 'override' on the permissions to tell it to use the allow permissions. So instead I have to allow them on the server and then go through each repo one by one to deny them access on 23 repos.
     
    crossmr, Mar 8, 2023
    #1

  2. carlosalba1985

    carlosalba1985

    Unity Technologies

    Joined:
    Jul 19, 2021
    Posts:
    1,064
    Hi,

    if you neither allow nor deny the view and read permissions at the server level for a specific group, you can explicitly allow access then for this group for the specific repos you need.

    Note that the permissions are overlapped. Please check the users are not belonging to multiple groups: Developers, and ALL_USERS. if some user belongs to a group with denied permissions, the denial always prevails.

    Regards,
    Carlos.
     
    carlosalba1985, Mar 8, 2023
    #2

  3. carlosalba1985

    carlosalba1985

    Unity Technologies

    Joined:
    Jul 19, 2021
    Posts:
    1,064
    Hi,

    if you neither allow nor deny the view and read permissions at the server level for a specific group, you can explicitly allow access then for this group for the specific repos you need.

    Note that the permissions are overlapped. Please check the users are not belonging to multiple groups: Developers, and ALL_USERS. if some user belongs to a group with denied permissions, the denial always prevails.

    Regards,
    Carlos.
     
    carlosalba1985, Mar 8, 2023
    #3

  4. crossmr

    crossmr

    Joined:
    Aug 23, 2019
    Posts:
    19
    Hi Carlos, the users are definitely in a single group. A custom group was made just for their role. So you're saying I can leave all their permissions blank essentially and then set them up as allow only on the repos that we want them to have access to and the rest of the repos will deny them access by default? Even though they're not set to deny?

    It would also help matters if we could get permission management added to the API. I notice that's listed as not supported at this time.
     
    crossmr, Mar 8, 2023
    #3

  5. carlosalba1985

    carlosalba1985

    Unity Technologies

    Joined:
    Jul 19, 2021
    Posts:
    1,064
    Yes, this should be possible.

    You can use the following commands. Although I understand your point:
    Code (Boo):
    1. cm showacl --help
    2. cm acl --help
    Regards,
    Carlos.
     
    carlosalba1985, Mar 8, 2023
    #4