How to implement a hierarchical permission tree in the project-management tool Trac.
After installing Trac, the default permission settings are rather ‘permissive’.
I tend to lock things down in the following way: I create a set of groups, and every higher-level group has additional permissions compared to the lower-level group. The following groups are created:
- guests are able to view the site
- readers additionally have access to the source browser
- developers have read permission, next to ticket creation, wiki access, report and log access
- managers additionally can admin milestones and roadmap
- admins have full access.
Adding a new user to the permission list is then simply a matter of adding her/him to the correct ‘group’.
Setting up this permission hierarchy can be sone by executing trac-admin on the folder that contains your site database.
All required actions are listed in a text file.