Restrict read access to files by user or group

There are institutions who want to move to Git from SVN or Perforce but are not able to because they need to control read and write access on a file by file basis. Enforcing codeowners on protected branches adds the ability to set file level write controls, but doesn't address read access controls.

Most organizations interested in read access control are interested for preventing IP loss. Commit messages and files names can reveal information about the architecture of systems and other detailed information. The best commit messages describe very clearly why and what the commit does, which could reveal information about trading algorithms or memory chip design etc.

Typically, read access controls would need to:

• prevent any user without read access to a file knowing that the file exists
• prevent any user seeing commit messages that do not relate files they do not have read access to

These requirements closely model what is supported by SVN:

• path based authorization
• logs scoped to directory

Work around

Read access can be limited project by project. Git submodules can be used in a way that takes advantage of this by splitting a project into different smaller projects and limiting read access to each project.

Proposal

Git does not support these restrictions natively.

TBD

Links / references

• https://github.com/twosigma/git-meta
• https://gitlab.com/gitlab-org/gitlab-ee/issues/4418
• http://svnbook.red-bean.com/en/1.7/svn.serverconfig.pathbasedauthz.html
• http://svnbook.red-bean.com/en/1.7/svn.ref.svn.c.log.html