Details
-
Bug
-
Resolution: Fixed
-
Medium
-
None
-
1.2.1
-
None
Description
(see also: CWDSUP-700)
When multiple groups are specified in an svn authz file for a repository path and the principal belongs to more than one of those groups the group that actually gets used for the permission is the one that occurs last in the list of groups returned from Crowd's findGroupMemberships SOAP method.
This is (obviously) difficult behavior for the user to understand or modify.
Suggested change: Make the user's effective authz level that of the most permissive group they belong to. For example, if the SVNAuthz file looks like
[/path] @group1=r @group2=rw
and the principal belongs to both group1 and group2, then their effective permission would be "rw" because that is the most permissive permission.
Attachments
Issue Links
- is duplicated by
-
CWD-944 CrowdAuthzSVNAccessFile authorization does not select most permissive permissions
- Closed