All project content is available for reading, but you need to be a member of the project for Subversion checkout of source code, or to create/modify any information.
Login if you are a member. Apply here to request membership (open to all).

Users, Groups and Permissions

Project Administrators have full control over who can access the project environment and source code repository.

Project Environment

The Project Environment has an Admin section for project owners that includes a section for Permissions.

The permission system works along a basic system that each module in the environment controls access by checking for certain rights.

Available privileges

There are a number of permissions available that can be granted to users. The full list is always available in the drop-down of the 'Permissions' Admin panel, and the following often-used permissions should give a good starting point to understand the structure and common usage - other permissions would usually also follow this pattern:

Repository Browser

BROWSER_VIEW View directory listings in the repository browser
LOG_VIEW View revision logs of files and directories in the repository browser
FILE_VIEW View files in the browser
CHANGESET_VIEW View repository check-ins

Ticket System

TICKET_VIEW View existing tickets and perform ticket queries
TICKET_CREATE Create new tickets
TICKET_APPEND Add comments or attachments to tickets
TICKET_CHGPROP Modify ticket properties
TICKET_MODIFY Includes both TICKET_APPEND and TICKET_CHGPROP, and in addition allows resolving tickets
TICKET_EDIT_DESCRIPTION Allows modify permission for the description field only (standalone permission)
TICKET_EDIT_CC Allows user to see (and edit) the full list of users on the ticket CC: list (standalone permission)
TICKET_ADMIN All TICKET_* permissions, plus the deletion of ticket attachments.


MILESTONE_VIEW View a milestone
MILESTONE_CREATE Create a new milestone
MILESTONE_MODIFY Modify existing milestones
MILESTONE_DELETE Delete milestones
ROADMAP_VIEW View the roadmap page


REPORT_VIEW View reports
REPORT_SQL_VIEW View the underlying SQL query of a report
REPORT_CREATE Create new reports
REPORT_MODIFY Modify existing reports
REPORT_DELETE Delete reports
REPORT_ADMIN All REPORT_* permissions

Wiki System

WIKI_VIEW View existing wiki pages
WIKI_CREATE Create new wiki pages
WIKI_MODIFY Change wiki pages
WIKI_DELETE Delete wiki pages and attachments
WIKI_ADMIN All WIKI_* permissions, plus the management of readonly pages.


TIMELINE_VIEW View the timeline page
SEARCH_VIEW View and execute search queries

The something_ADMIN privileges are just shortcuts that can be used to grant a user all the something privileges in one go. Having TRAC_ADMIN is like being root on a *NIX system, it will let you do anything you want.

Note that further permissions may be described on the relevant Help page for the feature, such as HelpUser/Blog. Do a (help) search for the permission to find relevant information.

Setting permissions

Using groups is highly recommended for assigning privileges to users. This means assigning the privileges to a group, and then assigning users to groups. If not, the permission list might become very long and difficult to administrate.

Using groups have another advantage: Groups can automatically be made groups in the Subversion repository access configuration. This is done by having the group start with the character @. Having groupnames start with @ also makes it easy to identify it as a group in the permission list.

Assign a right to a user or group

Assign a right to a user:

Assigning user to group.

Assign a right to a group - as a better alternative:

Assign a right to a group.

And then assigning the user to a group:

Assign a right to a user.

This should result in a permission list looking something like this:

Example permissions list.

Subversion Repository Access

The repository permission follow the standard for Subversion access file configuration by defining a section corresponing to a directory, and giving a user or group "read", "write" or "no" permission. The file specification follow a de facto config file standard grouping option = value settings under a [section].

Note: All permission groups (from above) that start with @ can automatically be used as access groups in the Subversion access file.

The sections are directories, and a starting point is always the repository root directory:

@owner = rw
@member = r

-- meaning that anyone in @owner group has read/write access, while all @members can read it.

Rights are inherited, and if no other settings are made, these rights will stand for all directories in the repository. However, at any time can rights be both added and removed further down the hierarchy.

Summary of available options for a user/group:

# Giving read access:
@member = r

# Extending to having write access:
@member = rw

# Specifying no right to a given directory
@member =

Some further examples - based on the basic configuration above:

# Remove rights to a private directory for members (owners will inherit 'rw' access)
@member =

# Or, similarly extending rights further down allowing personal directories.
userone@domain.com = rw

Links to other relevant information: HelpAdmin/PublicInformationPage