Permission hierarchy for Trac

How to implement a hierarchical permission tree in the project-management tool Trac.

After installing Trac, the default permission settings are rather ‘permissive’.

I tend to lock things down in the following way: I create a set of groups, and every higher-level group has additional permissions compared to the lower-level group. The following groups are created:

  • guests are able to view the site
  • readers additionally have access to the source browser
  • developers have read permission, next to ticket creation, wiki access, report and log access
  • managers additionally can admin milestones and roadmap
  • admins have full access.

Adding a new user to the permission list is then simply a matter of adding her/him to the correct ‘group’.

Setting up this permission hierarchy can be sone by executing trac-admin on the folder that contains your site database.

All required actions are listed in a text file.

Download: trac_permissions.txt