Repository access management overview

Polarion uses an integrated Subversion repository to manage all data artifacts. Access to Subversion is controlled by the Subversion access file. Polarion provides a web-based client for administrators who need to control repository access directly in Subversion. Subversion administration and access file management are beyond the scope of this Help; basic knowledge of the SVN access file is assumed. For information about Subversion repository administration, see http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html.

Warning:

Access control groups can contain other groups (as described in the above document), but only a single level of nesting is supported.

The following example will work and the parent-group will effectively contain four users:

[groups]

parent-group = sally, joe, @child-group

child-group = frank, jane

The following example will not work:

[groups]

parent-group = sally, joe, @child-group

child-group = frank, jane, @grandchild-group

grandchild-group = harry
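The single-level nesting limit can be checked before an access file is deployed. The following is an added example, not part of Polarion or its documentation: it parses the [groups] section and reports groups nested more than one level deep. All function names are hypothetical, and the sample files are constructed from the two examples above.

```python
import configparser

MAX_NESTING = 1  # the page states only a single level of group nesting is supported

def parse_groups(authz_text):
    """Return {group: [members]} from the [groups] section of an access file."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str  # keep group names case-sensitive
    cp.read_string(authz_text)
    if not cp.has_section("groups"):
        return {}
    return {g: [m.strip() for m in v.split(",") if m.strip()]
            for g, v in cp.items("groups")}

def nesting_depth(groups, name, stack=()):
    """Levels of group nesting below `name`; 0 means it lists users only."""
    if name in stack:
        raise ValueError("cyclic group reference: " + " -> ".join(stack + (name,)))
    children = [m[1:] for m in groups.get(name, []) if m.startswith("@")]
    return max((1 + nesting_depth(groups, c, stack + (name,)) for c in children),
               default=0)

def effective_users(groups, name):
    """Users in `name` after expanding every nested @group reference."""
    nesting_depth(groups, name)  # raises on a cyclic reference before recursing
    users = set()
    for m in groups.get(name, []):
        users |= effective_users(groups, m[1:]) if m.startswith("@") else {m}
    return users

def too_deep(authz_text):
    """Sorted names of groups whose nesting exceeds MAX_NESTING."""
    groups = parse_groups(authz_text)
    return sorted(g for g in groups if nesting_depth(groups, g) > MAX_NESTING)

# Constructed samples mirroring the two examples on this page.
WORKS = """[groups]
parent-group = sally, joe, @child-group
child-group = frank, jane
"""
FAILS = """[groups]
parent-group = sally, joe, @child-group
child-group = frank, jane, @grandchild-group
grandchild-group = harry
"""

if __name__ == "__main__":
    for label, text in (("works", WORKS), ("fails", FAILS)):
        print(label, "-> groups nested too deeply:", too_deep(text))
```
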

The Access Management feature enables you to edit data in the SVN access file online, in either repository scope or single project scope. It is an administration feature, so you must have administrator permissions for the scope you want to work with.

Warning:

If you create a Subspace within a Space, or move a Space/Subspace from another Space, the new or moved Space does not inherit the Subversion repository restrictions or permissions from the new parent. If you want to restrict access to a newly created or moved Subspace, you have to remove the SVN access rights and create a custom rule for permissions. See Configure user Permissions - Define permissions for Artifact Sets.

Access the client

  1. Log on with administrator permissions for the repository or project you want to work with, and open it.

  2. If you are not in Administration after logging on, click the Administration link in the Tool view of Navigation.

  3. In Navigation, expand User Management and select Access Management.

    The Access Management page opens. This is the access management client.

  4. You can now browse the repository structure, and view and modify Role, Group and User assignments.

Access management client basics

The Access Management page is divided into two parts, top and bottom. The top part enables you to browse through the repository structure as it is defined in the access file, and review the current Role and User assignments for folders and files. Keep in mind that this part is a viewport into the SVN access file, and what you see is what is currently in that file.

The upper part of the page displays a string that shows the repository path to the currently selected folder or file. Some or all of the folder names in the path are clickable depending on your permissions:

  • If you have global (Repository) administrator permissions, all folder names in the path are clickable, enabling you to navigate all the way up to the repository root.

  • If you have project administrator permissions, the full path to the project root folder is displayed, and you cannot navigate higher than that folder.

The lower part of the Access Management page provides detailed information about access rights currently defined for the folder or file selected in the top part of the page. In the lower part you can:

  • Add, edit, or remove Role and Group assignments for the selected folder or file. Click the (Edit) icon in the Roles and Groups Assignment section in the lower part of the Access Management page.

  • Add, edit, or remove User assignments for the selected folder or file. Click the (Edit) icon in the Users Assignment section in the lower pane of the Access Management page.

    Note:

    Assigning access via Roles or Groups is generally considered better practice than assigning it by User.

  • Review Users, Roles and Groups that currently have read and write permission for the folder or file currently selected in the upper page division.

  • Review Users, Roles and Groups that currently have read-only permission for the folder or file currently selected in the upper page division.

By default, files in a folder have the same access permissions as the containing folder. If you want some files to have different permissions, you can grant or revoke them on individual files.

Access control for Documents

Controlling access to Documents is an issue in some organizations. To control it, administrators apply repository-level access control not to specific Documents but to the analogous repository folders, which in effect amounts to the same thing. Document folders are located under the project folder in the modules subfolder, and the folder names are the same as the Document titles.

For example, if you wanted to set access control on the Catalog Specification Document in the eLibrary example project, you would set the desired permissions on the folder Default Repository/Demo Projects/elibrary/modules/Specification/Catalog Specification/. When repository access management restricts a user from accessing a Document, the Polarion user interface does not show the Document to the user in Navigation. Users can still see links leading to restricted Documents in Pages, other Documents, Work Items, and other content, but if they click such links they are shown a message informing them that access is restricted.