The following sample scenarios are provided to help you understand how the different security levels work. Depending on your company’s needs and business processes, you may only want to set server security. If your needs are more complex, or your business process dictates restricting users to specific data, you may decide to set repository and/or branch security.
WysiCorp, a fictional company, develops customized software applications for multiple customers. Many of these customers are competitors and require a high level of security and confidentiality. To ensure that all development goals are met, WysiCorp’s development teams, TeamA and TeamB, are assigned to one company for the duration of a project. Other teams, such as Project Leads and QA, may be assigned to more than one company at a time.
WysiCorp, the mainline branch, includes the following repositories: Client and Server. The Client repository includes two subrepositories, CompanyA and CompanyB. The CompanyA subrepository includes two baselines branches, Development and Released.
Members of the Project Leads security group are administrators and have access to all commands. Members of the TeamA and TeamB security groups have access to some commands, such as adding files or viewing file history. The QA security group is restricted to read-only security.
WysiCorp does not want TeamA members to have access to the CompanyB subrepository or TeamB members to have access to the CompanyA subrepository. Repository security is applied to the CompanyA and CompanyB subrepositories. The TeamA security group is restricted from viewing the CompanyB subrepository. The TeamB security group is restricted from viewing the CompanyA subrepository.
When viewing CompanyA repository properties, the Inherited From column changes from <server level default> to <not inherited> for the TeamB security group. This indicates the server security is overridden.
After code is released to customers, it is important to stop development on that code. Branch security, limited access to the release code, is applied to the Released branch in the CompanyA subrepository. The TeamB security group is restricted from viewing the CompanyB subrepository. In addition, all other groups only have list-only access to the Released branch.
When viewing CompanyA repository properties, notice the only groups listed are Team B and <All other groups>. In addition, the Inherited From column changes from <server level default> to <not inherited>. This indicates the server security is overridden.