4

I might propose migrating away from VSS due to its inability to grant and deny permissions at the file level. The question is what source control systems allow this.

Update I am marking the SVN answer as the "correct" one, since it had the most feedback. However, there is no correct answer. I will make my recommendations to management based on all your feedback.

Justin Dearing
  • 14,270
  • 22
  • 88
  • 161

7 Answers7

6

subversion does too, but the ACL is managed in a configuration file

Evert
  • 93,428
  • 18
  • 118
  • 189
  • The question is will someone sell me a GUI tool that will edit the apache config files and provide support. I'm ok with editing text files and running an open source product I don't pay for. Management is not. – Justin Dearing Jun 13 '09 at 23:52
  • No, but they'll give you one for free (I'd donate if you're pleased with it). The VisualSVN msc snap-in allows you to set permissions with an interface you'll be familiar with - down to the file level. – gbjbaanb Jun 14 '09 at 00:11
  • and you get Active Directory logins using it too, there's really very little reason not to upgrade to SVN. – gbjbaanb Jun 14 '09 at 00:12
  • If you don't want to run Apache, because the machine is already running IIS, then you can also use the svnserve.exe server. Google PainlessSVN, which deals with how svnserve works. – Hector Sosa Jr Jun 14 '09 at 00:25
  • There's a free GUI tool for managing Windows SVN servers: VisualSVN Server (http://www.visualsvn.com/server). The GUI supports access control down to the directory level - it's not clear from the description if it also supports file-level control (which is supported by svn in the config files). I used VisualSVN Server briefly a while back, so I'm by no means an expert, but it seemed a pretty nice package. – Michael Burr Jun 14 '09 at 02:20
  • off-topic: thanks all for pushing me to a 1000 reputation points :) – Evert Jun 14 '09 at 03:34
3

Perforce does.

Michael Burr
  • 333,147
  • 50
  • 533
  • 760
  • I'll have to test drive the perforce IDE integration. I used the command line version a bit for read-only access to the [Open Watcom](http://www.openwatcom.com) repository, but I will never be able to sell my company on something without Visual Studio support. – Justin Dearing Jun 13 '09 at 23:46
  • Perforce supports an SCC plug-in for VS integration. However, I've found VS's SCC support to not be great for any source control system (not Perforce's fault - I think SCC is probably a poor interface). Maybe your team will have a better opinion of it. – Michael Burr Jun 13 '09 at 23:49
  • I agree that VS SCC integration sucks in general, my colleagues do not. – Justin Dearing Jun 13 '09 at 23:53
  • [NiftyPerforce](http://code.google.com/p/niftyplugins/wiki/NiftyPerforceDocumentation) is a good alternative to VS SCC. It provides a lot of the same options (auto checkout, view revision history/timelapse, ...), but doesn't hang VS so much. – idbrii Oct 11 '12 at 18:18
3

I'm not really answering your question, but I think it's not a very useful feature to have permissions on VCS. People should know where they're allowed to commit, people should be reviewing commits, and if someone's committing where they're not supposed to:

  • You catch it in the review
  • You roll back the change (which is what a VCS is designed for)
  • You figure out why: was it a mistake, or on purpose?

If you're worried that people will make unauthorized changes, then you have a social problem that the permissions won't fix. If you're worried that people will accidentally make changes to the wrong code, then you have a different social problem (lack of review) that the permissions also won't fix.

Dietrich Epp
  • 205,541
  • 37
  • 345
  • 415
  • This may be fine for smaller organizations, but in a larger organization enforcing access control is often a requirement. There are also times when it might be a contractual requirement (and I wouldn't be surprised if at times there are even legal requirements). – Michael Burr Jun 14 '09 at 00:07
  • I agree sometimes problems like these require social convention and process (code reviews) as opposed to security. However, when dealing with things like outside contractors, and process control, such security has merit. – Justin Dearing Jun 14 '09 at 00:11
1

Mercurial does, with the bundled Acl extension

yanjost
  • 5,223
  • 2
  • 25
  • 28
1

Whatever its other flaws, IBM Rational Clearcase does support file-level permission controls. It also has other mechanisms that you can use - notably triggers which can be written to cause an otherwise permitted checkin to fail.

Jonathan Leffler
  • 730,956
  • 141
  • 904
  • 1,278
  • SVN supports triggers. They call them hooks. Some will fail commits that don't meet certain conditions (e.g. one forces the files to all have mime types set) and others trigger external actions like continuous integration builds and email notifications. The fact that this is an IBM product might make this more palatable to my employer though. – Justin Dearing Jun 14 '09 at 11:51
0

Take a look at Plastic SCM and it's ACL model.

pablo
  • 6,392
  • 4
  • 42
  • 62
0

If you are using VSS now, Team Foundation Version Control (TFVS) is the logical upgrade, especially if your corporate mandate is Microsoft-only tools.

http://msdn.microsoft.com/en-us/library/ms364074.aspx

Robert Harvey
  • 178,213
  • 47
  • 333
  • 501