Create new repository, access granted to all (incl. inactiv)

This forum is now locked, since Gold Support is no longer offered.

Moderator: SourceGear

Locked
Tri
Posts: 288
Joined: Wed Dec 22, 2004 11:10 am

Create new repository, access granted to all (incl. inactiv)

Post by Tri » Thu May 26, 2005 7:34 am

Server, Client, Admin tool 3.07

When a new repository is created. The access is granted to all users, including inactive users. I think it is not safe as inactive users are hidden by defaullt.

For example, 1 month later when an inactive user is re-activated, if the admin doesn't pay attention to check the access permission, this user will gain access to the new repository.

Is it possible to have a more flexible security settings? Propositions:

1. In the Repository creation form. Give some check boxes to ask choice (Grant access to all users, Grant access to all active users, Deny access to all)

and/or

2. In Admin Tool, give a server wide setting for security policy:
- low (like currently)
- medium
- high

I don't know what to put in 'medium'. But for the 'high' setting, the default behaviour could include:
- new user has default permission = blank. No access to any repository
- new repository: folder security enabled, access denied to all users.
- AD authentication enabled

dan
Posts: 2448
Joined: Wed Dec 17, 2003 5:03 pm
Location: SourceGear
Contact:

Post by dan » Thu May 26, 2005 10:02 am

We've had other requests as well for setting default security on repositories and such. I'll add your vote and your ideas to the feature request.

Thanks,

Locked