LDAP vs. READ Permissons

christian.pommer · December 5, 2022, 3:05pm

Hello,
all users of my SCM Manager installation can view all repositories on the server. The rights to each repository are only with the creators, but still everyone can see them. My SCM is connected to LDAP.
Where could be my error.
Thanks a lot!
Christian

eheimbuch · December 5, 2022, 6:19pm

Hey Christian,

it sounds like all users have a group which is permitted to read all repositories. I would check the group _authenticated first.

Edit: If you use anonymous access for SCM-Manager and the anonymous user account is permitted to see all repositories, all users could see your repositories without even be logged in.

Regards, Eduard

christian.pommer · December 6, 2022, 8:16am

Dear Eduard,
thank you very much for your answer.
I have checked the SCM Anonymous. All permissions are disabled - no check mark.
The users of the _authenticated group are only allowed to create, archive and export repositories.
Thanks and greetings
Christian

eheimbuch · December 6, 2022, 8:41am

Okay, you could also check:

Is there any group with “read all repositories” permission? Is anonymous user included?
Is this permission set on namespace level? Maybe for a group?

Besides direct permissions there are also “permission roles” which may allow to be read, write or owner for your repositories.

christian.pommer · December 6, 2022, 10:04am

I have only one group, called _authenticated. The checkmark is set at “Members of this group are managed by an external system”. The group is only authorized to create, archive or export repositories.
Where can I check “permission set on namespace level”?
Thanks a lot for your help!

eheimbuch · December 6, 2022, 12:13pm

Click this blue gear wheel on top of your repository namespace on your overview. But if you didn’t know about this it should be pretty unlikely.

christian.pommer · December 6, 2022, 1:26pm

Sorry I was just confused, I know of course they are namespaces. Permissions in all namespaces are empty. There are no group or user permissions transactions.

christian.pommer · December 7, 2022, 1:47pm

I was able to solve the problem. The group _authenticated must only have the right to create repositories. As soon as you give it the right to export or archive, every user of this group can also see all repositories. But this was not the case before one of the last updates. I think this is a bug.

eheimbuch · December 7, 2022, 7:08pm

Thank you for the report. We will discuss this and look for a solution.

Topic		Replies	Views
Anonymous Access and Group Permission Bug Reports SCM-Manager	2	195	May 22, 2023
Updating permissions programatically SCM-Manager	2	157	July 31, 2023
Why am I seeing this in the log? SCM-Manager	21	671	June 14, 2022
LDAP Configuration SCM-Manager	1	178	August 2, 2023
As an administrator I want to see the groups a user is a member of Feature Requests SCM-Manager feature-request	3	379	November 24, 2021

LDAP vs. READ Permissons

Related Topics