Implicit list folder permission for parents of readable paths

VisualSVN Server provides an extension for path-based authorization that allows users to browse to any location they have read access to, starting from the server root.

Overview

Starting from version 5.0, VisualSVN Server provides a per-repository authorization option named Implicit list folder permission for parents of readable paths. It allows users to navigate to any readable path without requiring read access to all parent folders of that path.

Imagine that a user has read access to /repos/project/trunk. Previously, this would mean that:

  • The user cannot browse to this location starting from the server root.
  • The user cannot access it unless he knows the repository name and the exact path.
  • The user cannot see the repository in the repository list.

To remove these drawbacks, VisualSVN Server 5.0 adds a per-repository option that automatically grants list folder permission to parents of paths readable by a user. These permissions do not grant read access to the content, but allow entering the corresponding folders.

Tip
The List folder permissions are called «implicit» due to their ephemeral nature. They only exist internally in the implementation of the authorization system; they cannot be edited and are not shown in the user interface.
Note
We recommend enabling this option for all existing and new repositories. For convenience, its state for new repositories can be changed in the server configuration.

Interactive example

Imagine a repository with read access permission for /repos/project/trunk. The table below shows the detailed permission state and the corresponding client behavior.

Permissions
/repos
List folder
List folder
Read contents
/repos/project
List folder
List folder
Read contents
/repos/project/trunk List folder Read contents
Client behavior
repos is shown in the repository list.
repos is not shown in the repository list.
/repos/project/trunk is discoverable starting from the server root.
/repos/project/trunk is not discoverable starting from the server root.
/repos/project/trunk is accessible without knowing the repository name and exact path.
/repos/project/trunk is not accessible without knowing the repository name and exact path.
/repos/project/trunk can be checked out or downloaded.

Configuring implicit list folder permission

The option to enable Implicit list folder permission for parents of readable paths is part of the per-repository authorization settings and can be found on the Advanced Security Settings dialog:

Advanced security settings

Follow these steps to enable implicit list folder permissions for a repository in VisualSVN Server Manager:

  1. Start the VisualSVN Server Manager console.
  2. Expand the Repositories node.
  3. Right-click the repository and click Properties.
  4. Click Advanced to open the Advanced Security Settings dialog.
  5. Select the Implicit list folder permission for parents of readable paths checkbox.
  6. Click OK to close the dialog.
  7. Click Apply in the Properties of the repository.

The authorization settings used by the Subversion and Windows authentication modes have independent values for this option. If you are using separate authorization profiles for distributed VDFS repositories, then you should configure it separately for each profile too.

The option can also be changed by using the Set-SvnAccessConfiguration PowerShell cmdlet.

Default implicit list folder permission setting for new repositories

VisualSVN Server allows configuring the state of the Implicit list folder permission for parents of readable paths option for all new repositories. The state of this option applies to all repositories created in VisualSVN Server Manager or with VisualSVN Server PowerShell.

Server security settings

Follow these steps to enable implicit list folder permissions for all new repositories:

  1. Start the VisualSVN Server Manager console.
  2. Click the Action | Properties main menu command.
  3. Click the Security tab.
  4. Select Implicit list folder permissions for parents of readable paths.
  5. Click Apply.

See also

KB33: Understanding VisualSVN Server authorization
KB122: Understanding access permissions for distributed VDFS repositories

Last Modified: