Restrict read access to files by user or group
There are institutions that want to move to Git from SVN or Perforce but are not able to because they need to control read and write access on a file-by-file basis. Enforcing codeowners on protected branches adds the ability to set file-level write controls, but does not address read access controls.
Most organizations interested in read access control are interested in preventing IP loss. Commit messages and file names can reveal information about the architecture of systems and other detailed information. The best commit messages describe very clearly what the commit does and why, which could reveal information about trading algorithms, memory chip design, etc.
Typically, read access controls would need to:
- prevent any user without read access to a file from learning that the file exists
- prevent any user from seeing commit messages that relate to files they do not have read access to
These requirements closely model what SVN supports.
Workaround
Read access can be limited project by project. Git submodules can be used to take advantage of this: split a project into several smaller projects, limit read access to each project separately, and reference the restricted projects from the main project as submodules.
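The following script is an added example (not part of this issue, and not GitLab code) that builds the submodule layout described above with plain git in a temporary directory and then shows what a user who can read only the parent project actually gets: the parent tree records the submodule as a gitlink (mode 160000) pointing at a commit id, and the restricted file is absent from a plain clone. It also makes the caveat visible: the submodule's path, its commit id, its URL in `.gitmodules`, and the parent's commit messages are still readable, so the workaround hides file contents but not the existence of the restricted project. Repository names, the file `algo.txt` and its content are constructed sample values.

```shell
#!/bin/sh
# Added example: submodule-based read restriction, and what still leaks.
set -eu

# Identity for the demo commits (constructed values).
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

# Build the layout under the directory given as $1:
#   $1/restricted  - project holding the sensitive file (read-restricted)
#   $1/parent      - project everyone can read; references restricted as a submodule
#   $1/reader      - plain clone of parent, simulating a user with parent-only access
build_layout() {
  base=$1
  mkdir -p "$base"

  git init -q "$base/restricted"
  printf 'secret trading parameters\n' > "$base/restricted/algo.txt"   # constructed content
  git -C "$base/restricted" add algo.txt
  git -C "$base/restricted" commit -q -m "Add algo parameters"

  git init -q "$base/parent"
  printf 'public build scripts\n' > "$base/parent/README"
  git -C "$base/parent" add README
  git -C "$base/parent" commit -q -m "Add README"
  # protocol.file.allow=always is only needed because the submodule source is a
  # local path; a hosted project would be referenced by its https:// URL.
  git -C "$base/parent" -c protocol.file.allow=always \
    submodule --quiet add "$base/restricted" restricted
  git -C "$base/parent" commit -q -m "Add restricted submodule"

  # A plain clone (no --recurse-submodules) is what a parent-only reader gets.
  git clone -q "$base/parent" "$base/reader"
}

# Mode of the submodule entry in the parent tree: 160000 means gitlink,
# i.e. a commit id, not a directory of readable blobs.
gitlink_mode() {
  git -C "$1/reader" ls-tree HEAD restricted | cut -d' ' -f1
}

# Is the sensitive file present in the reader's checkout? Expected: no.
secret_present() {
  if [ -e "$1/reader/restricted/algo.txt" ]; then echo yes; else echo no; fi
}

# Caveat: the submodule path and URL are stored in .gitmodules, which is part
# of the parent project and therefore readable by every parent reader.
submodule_url() {
  git config -f "$1/reader/.gitmodules" submodule.restricted.url
}

run_demo() {
  tmp=$(mktemp -d)
  build_layout "$tmp"
  echo "submodule entry mode in parent tree: $(gitlink_mode "$tmp")"
  echo "algo.txt present in parent-only clone: $(secret_present "$tmp")"
  echo "submodule URL visible in .gitmodules: $(submodule_url "$tmp")"
  # The parent's history (including the commit that added the submodule and
  # the path name) is fully visible to the reader.
  git -C "$tmp/reader" log --oneline | sed 's/^/parent history: /'
  rm -rf "$tmp"
}

run_demo
```

The check worth keeping in mind when applying this workaround: review what the parent project's tree, history and `.gitmodules` expose (submodule paths, URLs, commit ids and commit messages), since those are visible to anyone who can read the parent, and keep commit messages in the parent free of details about the restricted project's contents.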
Proposal
Git does not support these restrictions natively.
TBD