Subversion (SVN) protected directories are SVN's way to control access to sensitive and mission-critical code, data, and assets. They add an Access Control List (ACL) to your SVN repository based on a path-based authorization to limit permissions for certain users to certain directories/files.
By protecting your SVN directories, you can control which users are allowed to contribute new code to your repository or restrict them from accessing certain directories at all.
Understanding path-based authorization permission levels
With Assembla protected SVN directories, you can set directory permissions to read-only access, or restrict access completely.
Note: Permissions apply to all users in the repository. To exempt certain users from the default protections settings you set, you must whitelist them by adding their usernames under Grant permissions to.
Understanding the available permissions types
The available authorization permission types include:
Default. The default setting for Assembla SVN repos, which allow for read and write privileges.
Read-only. Restricts all users to read-only privileges for the specified directories in your protection setting, except those users explicitly named under Grant permission to.
No access. Completely hides specified directories for all users in the repository except those whitelisted under Grant permission to, in both the Assembla WebApp and any client/command-line tools used to access your SVN repo.
In the following example, this demo SVN repo's default permissions set for the directory /trunk are changed to No access for all users in the repository. Only the user npollard is granted the permission Read-only to the directory /trunk and any children directories it contains. No other users can view the files under /trunk from the Assembla WebApp or check out those files with their local client.
Path directory wildcards. To set permissions for a specific directory or directory path regardless of what branch or directory it belongs to, use a * wildcard when setting the directory path permissions. For example, permissions set for */projectA will grant the same level of permissions for both /branch1/projectA and /branch2/projectA.
Changing default repository access permissions
To change the default repository access permissions
In Assembla, select the SVN repo you would like to protect, and then click Settings > Protected Directories. You must be an "Owner" on the project to view the Settings sub-tab.
In the Directory Path field, enter the directory path for which you would like to change the default access permissions levels (for example, /trunk/projectA), or use a wildcard to specify a sub-path regardless of branch (for example, */projectA). To add path-based auth to multiple directories at the same time, simply add each relative path on a new line. This sets permissions for the directory path and all its children.
In the Permission dropdown, select the type of permission you would like to set as the default for the directory.
In the Grant permission to field, type the usernames for the team members who you want to grant access for write permissions to the directory (exempted from the new default level of access).
Click Protect Directory.
Editing or removing directory protections
If you are an “Owner” of the project space, you can add or remove protections on directories in an SVN repo at any time.
Simply navigate to the Protected Directories menu of the SVN repo’s Settings tab and click on the edit (pencil) icon next to the directory you want to change. Add more users by starting to type in their name or Assembla username, or remove users by deleting them from the list, and then clicking Submit.
Note: If protections are not specified for a user, they are granted the default level of permissions on the directory.
To remove directory protection from a directory completely, click the trashcan icon to the right.
Viewing protected directories in the web browser
Team members who are allowed access to the protected directory will see the directory marked with a green lock icon when viewing from the Assembla WebApp. Other team members will see it marked with a red lock icon, and will not be able to view the contents of the restricted directory in the browser or from their local client.