Branches security automation

If you are having a problem using Vault, post a message here.

Moderator: SourceGear

ICODev
Posts: 6
Joined: Thu May 02, 2013 2:11 pm

Branches security automation

Post by ICODev » Thu Oct 03, 2013 8:09 am

Hi,

We are currently using branches for RC and Release versions of our code. The problem is that when branching, the folder security is kept. We want different groups of programmers to have access to each branch for better control over dev, quality control, hotfixes and final release.

The only option we have right now is when branching (manually or through CommandLine), to rapidly remove every right we do not want and set the new ones. But this causes a security flaw because our users can have access to the code during this maneuver, and it's time-consuming every time we want to branch something.

Is there a solution to automate this process to limit flaws and security breaches?

Thanks!!

Beth
Posts: 8550
Joined: Wed Jun 21, 2006 8:24 pm
Location: SourceGear

Re: Branches security automation

Post by Beth » Thu Oct 03, 2013 9:18 am

What should help you the most in this situation will be to use Groups so that changing security will just involve changing which group has access. I have some examples with Groups posted in this KB article: http://support.sourcegear.com/viewtopic ... 13&t=21607.

I can put in a feature request to change how security works with branches. Is it safe to assume you would prefer the branch to start out with no rights on it and then you add rights?
Beth Kieler
SourceGear Technical Support

ICODev
Posts: 6
Joined: Thu May 02, 2013 2:11 pm

Re: Branches security automation

Post by ICODev » Thu Oct 03, 2013 1:25 pm

Thanks for your response.

We already have groups, multiple groups in fact (Read-only, Admin, etc.) for each environment (Dev, RC, Release) for every project we have. So we have to make multiple manual operations for the time being.

This feature will be useful. In addition, if we can use admin functions by command line (Clear rights, add rights, remove rights), we would be able with a Batch file to branch, clear rights and add the good ones.

We actually have a security flaw with the actual branching behavior, users may have access to protected source code (our Framework for example) during the interval we are manually changing access rights after branching. How long may it take for a feature request to be processed?

Thank you very much!

Beth
Posts: 8550
Joined: Wed Jun 21, 2006 8:24 pm
Location: SourceGear

Re: Branches security automation

Post by Beth » Thu Oct 03, 2013 4:34 pm

I've added a feature request for command-line client administrator functions.
F: 17421

Right after you perform the branch, are you removing users' rights from the branch?

I can't recreate a scenario where the user still has any rights after the security is changed. In my test, I had a user already open a branch and be viewing it. Then I changed security. The next time my client refreshed, the folder went away. Also, as soon as I tried to do anything with a file it gave me a no access error and refreshed. Can you tell me the steps you are performing that have a user still having access?

One workaround might be to remove access from the original folder entirely before branching and then set all the appropriate access rights you need.
Beth Kieler
SourceGear Technical Support

GregM
Posts: 485
Joined: Sat Mar 13, 2004 9:00 am

Re: Branches security automation

Post by GregM » Fri Oct 04, 2013 9:57 am

Is the problem that you're branching it into a folder with different security than the one where it is currently located? Could you branch it into the same folder as it is currently in, so no one new has access, adjust the security there, and then move it to its final location?

ICODev
Posts: 6
Joined: Thu May 02, 2013 2:11 pm

Re: Branches security automation

Post by ICODev » Fri Oct 04, 2013 12:03 pm

Thanks for the feature request. Any estimated release date?

Yes, we actually are removing user rights right after branching, but we have many subfolders to process to remove any unwanted access rights to the branch. The security is working great, but there is a timing issue when manually branching. If a user is refreshing when we are changing rights (again we have many subfolders at the same level in the branch to process, we start with the most sensitive folders) he may still have access to some code. With an automated Batch file we want to reduce that possibility.

We could also remove rights before and put them after as you suggest, but we want to have as little manual manipulation as possible for our developers when branching on various projects and environments. The goal here is to limit any human mistakes. With admin batch commands we will be able to remove rights before or after branching.

Beth
Posts: 8550
Joined: Wed Jun 21, 2006 8:24 pm
Location: SourceGear

Re: Branches security automation

Post by Beth » Fri Oct 04, 2013 1:36 pm

I don't have a release date for the feature I just logged.
Beth Kieler
SourceGear Technical Support
