Security Implication for Subversion commits in Activity Stream

Summary

This article describes the security implications of Subversion commits within the new CloudForge Activity Stream.

Activity Stream Security

With the new CloudForge Activity Stream, you now have visibility into your development activities.  The security for activities in the Activity Stream is based on whether you have access to a specific service within the project.  For example, if you have SVN read access on project A, but no git read access on project A, then you will only see SVN commits in the Activity Stream for project A.

SVN, however, has additional levels of security, down to folders / paths.  Within SVN, it is possible to grant R/W permissions down to the folder / path level.  Therefore, it is possible to have access to folder1 but not folder2.

The Activity Stream security, for SVN, does not go down to the folder / path level.  Therefore, if "Users with read access can see all commits in their activity feeds" is ON for a specific SVN service (Project -> SVN -> Settings), then users with any level of access to a sub-folder / path in SVN will be able to see ALL commits in the SVN service.

However, remember that the actual SVN read and write security is still in effect.  Seeing a commit in the Activity Stream does not grant access to it: if a user doesn't have read access to the actual SVN folder / path, they will not be able to access it via an SVN client or the command line, and they won't be able to write / commit to it either.

If you have the Administrator Role (default role within CloudForge) on any SVN service, you will be able to see all SVN activities within that service, even if "Users with read access can see all commits in their activity feeds" is OFF.  The setting applies to users of the service, not admins.

Security Options

Therefore, if your project is open and collaborative, and it is OK from a security perspective for users to see activities in other folders / paths of your SVN repository, then turning ON the "Users with read access can see all commits in their activity feeds" option is the right choice for you.  This is a PER SVN SERVICE level setting.  By default, this is ON for CloudForge accounts that create an SVN service.

However, if for security reasons you cannot have users see commits in the Activity Stream for folders / paths that they don't have access to within an SVN repository, then you can set the "Users with read access can see all commits in their activity feeds" option to OFF.

This option is specific to the SVN service, and an Administrator can turn it on or off by going to the specific Project -> SVN -> Settings.
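To decide whether the setting can stay ON, an administrator can compare path-level permissions with recent commits and list the commits that would appear in the feed of a user who cannot read one of the changed paths. The sketch below is an added example, not CloudForge code: it assumes the permissions are available in Subversion's authz file format and uses a simplified rule model, and the function names, users, paths and revisions are hypothetical.

```python
import configparser

# Constructed sample data: authz rules in Subversion's format, then (revision, changed paths).
SAMPLE_AUTHZ = """
[groups]
contractors = carol, dave
[/]
alice = rw
[/folder1]
bob = rw
@contractors = r
[/folder2]
bob =
erin = r
"""
SAMPLE_COMMITS = [(101, ["/folder1/a.c"]), (102, ["/folder2/b.c"]), (103, ["/folder1/c.c", "/folder2/d.c"])]

def parse_authz(text):
    """Return {path: {user: access}} with groups expanded (simplified authz model)."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep user names case-sensitive
    cp.read_string(text)
    raw = cp["groups"] if cp.has_section("groups") else {}
    groups = {g: {u.strip() for u in m.split(",")} for g, m in raw.items()}
    rules = {}
    for section in (s for s in cp.sections() if s != "groups"):
        path = section.split(":", 1)[-1].rstrip("/") or "/"  # drop any "repo:" prefix
        for who, access in cp[section].items():
            for user in (groups.get(who[1:], ()) if who.startswith("@") else (who,)):
                rules.setdefault(path, {})[user] = access.strip()
    return rules

def can_read(rules, user, path):
    """The most specific rule naming the user (or '*') wins; no rule means no access."""
    parts = [p for p in path.split("/") if p]
    for n in range(len(parts), -1, -1):  # walk from the path up to the root
        entry = rules.get("/" + "/".join(parts[:n]), {})
        for who in (user, "*"):
            if who in entry:
                return "r" in entry[who]
    return False

def feed_exposure(rules, commits):
    """Setting ON: a user with read access anywhere in the service sees every commit."""
    users = sorted({u for e in rules.values() for u in e} - {"*"})
    viewers = [u for u in users if any(can_read(rules, u, p) for p in rules)]
    found = ((u, rev, [p for p in paths if not can_read(rules, u, p)])
             for u in viewers for rev, paths in commits)
    return [f for f in found if f[2]]
```

Each tuple returned by `feed_exposure(parse_authz(SAMPLE_AUTHZ), SAMPLE_COMMITS)` names a user, a revision, and the changed paths that user cannot read in SVN; an empty result means leaving the setting ON reveals nothing beyond existing path permissions.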

 

Would you like your users to see Subversion commits in your activity stream? Read [link a new window to this article: https://help.cloudforge.com/View.jsp?procId=7bed228a3aaad4ddce7ba59b59da74c5] to understand security implications.  Click Here [link] to enable Subversion commit activities for all projects.

 
