How to restrict users from seeing a repository
Article ID: 77516
Updated On:
Products
CA Harvest Software Change Manager - OpenMake Meister
Issue/Introduction
We have a user group that should only be allowed to see one of the repositories attached to their project. We tried to remove the group from the "View Access" list for all other repositories but they can still see them all. How do we accomplish this?
Environment
CA Harvest SCM all versions and platforms
Resolution
When you right click on the repository name in Administrator Tool, and go to the Properties window and the Access tab, the permissions you are altering are those for the repository “object”, not the files and folders within the repository. So this would control things like who would be able to see the existence of this repository in the Administrator Tool, who could change the name of the repository or the description, or how file extensions are handled.
When you right click on a folder or file within the repository, and go to the Properties Window and the Access tab, you are controlling permissions to see and update that folder and all its contents.
So to accomplish what you are wanting to do, you are updating the wrong access list.
In Administrator Tool, on the Repositories tab, right click on each root-level folder and file in the repository and select Properties
Remove the “Public” user group and add the user groups who should be allowed to see this folder or file:
Any change in permissions you make for a folder will cascade down to all the folders and files inside it. So you only need to do this for the top-level folders. You will also need to do this for any files that have been checked in at the root level of the repository.
The one catch with this is that you cannot set this type of access permission for the repository as a top-level folder. So there are 2 consequences to that:
- All users will be able to see the repository folder, but not the contents inside the folder unless they have been granted permission.
- Any user with permission to check things in would be able to check in new files and folders to the repository where permission has been restricted. The new files or folders will come in with “Public” access permission. This can be reset after check in completes from the Administrator Tool.
When you right click on a folder or file within the repository, and go to the Properties Window and the Access tab, you are controlling permissions to see and update that folder and all its contents.
So to accomplish what you are wanting to do, you are updating the wrong access list.
In Administrator Tool, on the Repositories tab, right click on each root-level folder and file in the repository and select Properties
Remove the “Public” user group and add the user groups who should be allowed to see this folder or file:
Any change in permissions you make for a folder will cascade down to all the folders and files inside it. So you only need to do this for the top-level folders. You will also need to do this for any files that have been checked in at the root level of the repository.
The one catch with this is that you cannot set this type of access permission for the repository as a top-level folder. So there are 2 consequences to that:
- All users will be able to see the repository folder, but not the contents inside the folder unless they have been granted permission.
- Any user with permission to check things in would be able to check in new files and folders to the repository where permission has been restricted. The new files or folders will come in with “Public” access permission. This can be reset after check in completes from the Administrator Tool.
Additional Information
More details on Item Path and Item Access can be found here: https://docops.ca.com/ca-harvest-scm/13-0/en/administrating/control-object-access/object-level-access/item-path-and-item-access
Feedback
Yes
No
Powered by
