I have a test user added to two groups. The LimitedAccess group has these repo server permissions for TestRepo:
The PlasticTestGroup has these repo server permissions:
The PlasticTestGroup has these specific repo permissions for TestRepoForUVC:
The LimitedAccess group does not have any special permissions for this repo.
I have a user that has been placed in both groups.
What I would have expected is that this user would then be able to see the TestRepoForUVC repo and nothing else. Instead, they are unable to see any repos.
I thought the Allow override would override ALL Deny settings. But it seems to only override permission within the same group.
If so, this is a bit of a problem, in that I’m trying to manage users that might belong to multiple groups, and some of those groups need only read access to certain repos, while others need write access to a subset of those repos (and other repos). I’m trying to avoid making a million groups (or just setting up all access per-user). This is especially a problem since by default plastic gives users lots of permissions, so you MUST deny them permissions if you don’t want them to see every repo.
Any explanation on how Plastic is handling this and if I’m understanding correctly?