Re: read-only CVS; selective check-in permissions

[Rachel]

Hi Marcel :

| Would it be possible to put CVS into read-only mode for a short
period of
| time i.e. switch on/off "a check-in allowed button"? Can I
temporarilly lock

If you want fined grained access control with CVS, you should look at
the
tool from WANdisco (http://www.wandisco.com). Their Enterprise Edition
has a full Role based ACL/Authorization model on top of  CVS. We now
use it
to manage our Repository security at multiple sites. For your needs
basically
you can use their Web GUI to lock (deny rule) down specify
cvsroot/file/dir/branch.
You can even specify a cron-job to trigger a deny rule for a specific
time period:
say for next 2 weeks deny all read/write access while engineering group
is
doing a merge etc. You can delete a deny rule easily from the Web UI
too.  They
maintain their own notion of  inherited groups/sub-groups and roles.
Priviliges like list/read/write/admin can be granted or denied to
roles/groups or users. You can even restrict by network mask or IP
address patterns.


| out certain users or lock-out all users and selectively grant
check-in
| permissions?

That's what we do. We have users mapped to specific groups. Within
groups we have defined roles like - developer, QA, release-engineering
etc. Every role has selective read/write access to the CVS repository.
When new users join a group, we simply assign them the correct
role/sub-group and they have appropriate access to the codebase. The
actual ACLs don't change very much, we mostly now manager users and
their roles/sub-groups.  The User/Group database and ACL database are
replicated too. So you can define a rule in one site and have it sync
up everywhere.