Overview of Security Model

HgLab has a fairly sophisticated security model, so understanding it is key to deploying HgLab correctly in your environment.

Security Model in HgLab


A Catalog is where HgLab stores information about Users and Groups. HgLab can support an unlimited number of Catalogs, each being one of the following types:

  • Integrated Catalog stores authentication information directly in the HgLab database and authenticates Users locally.
  • LDAP Catalog allows HgLab to connect to an external LDAP server (e.g. Active Directory) and authenticate Users against the LDAP directory.

HgLab comes with an Integrated Catalog already built-in that is enabled by default at installation. When you create the first System Administrator during the setup procedure, that administrator's username and other details are stored in the Integrated Catalog.

Why Catalogs?

Imagine the following scenario: your in-house developers already authenticate against your Active Directory, and you now want to grant a number of outside contributors access to your HgLab installation. Without Catalogs, this would require either adding these outsiders to Active Directory (not the best idea) or duplicating authentication information in HgLab, which is not good either. With Catalogs, you just create an additional External Contributors Catalog and add these trusted people there. When they're all done, just disable the Catalog and they will be denied access to your HgLab installation.


HgLab has two levels of Permissions: System-level and Project-level.

System-level Permissions are assigned to Groups, so Users get these permissions by becoming a member of the required Group. Project-level Permissions are assigned to Roles, so Users can be granted these permissions by becoming a Team member of a particular Project.

System-level Permissions include:

  • Collaboration permission should be granted to every user who signs in to HgLab or connects to it using any of the Mercurial clients.
  • Administration enables users to access the Administration Area.
  • Project Management enables users to add and remove Projects.

Note that in order to be able to use HgLab, a user must be granted the "Collaboration" System-level permission.

Project-level Permissions include:

  • Repository Management allows users to create Repositories, modify their settings and delete them.
  • Team Management allows users to create and edit Teams.


Groups are essentially containers for Users, who can be granted System-Level Permissions by being a member of a Group.


A User is anybody who can sign in to HgLab or connect to it using a Mercurial client.

Each User can be a member of any number of Groups, thus receiving a number of System-Level Permissions.

Additionally, each User can be a member of any number of Teams within a particular Project, receiving Project-Level Permissions.
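
The rules above (Catalog must be enabled, System-level Permissions come from Group membership, and Collaboration is required to use HgLab at all) can be modelled in a few lines to review an assignment plan before applying it. This is an added illustration, not HgLab code or its API; every class, function, user and group name is hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, field

COLLABORATION, ADMINISTRATION, PROJECT_MANAGEMENT = (
    "Collaboration", "Administration", "Project Management")

@dataclass
class Catalog:
    name: str
    enabled: bool = True

@dataclass
class User:
    name: str
    catalog: Catalog
    groups: list = field(default_factory=list)  # names of Groups the User is in

def system_permissions(user, group_perms):
    """Union of the System-level Permissions of every Group the User is in."""
    return set().union(*(group_perms[g] for g in user.groups))

def can_use(user, group_perms):
    """Access needs an enabled Catalog and the Collaboration permission."""
    return user.catalog.enabled and COLLABORATION in system_permissions(user, group_perms)

def audit(users, group_perms, external_catalogs):
    """Return (user, finding) pairs worth a least-privilege review."""
    findings = []
    for u in users:
        perms = system_permissions(u, group_perms)
        if perms and COLLABORATION not in perms:
            findings.append((u.name, "permissions unusable without Collaboration"))
        if u.catalog.name in external_catalogs and perms - {COLLABORATION}:
            findings.append((u.name, "external user holds elevated permissions"))
    return findings

def sample():
    """Constructed sample data; all names are hypothetical."""
    internal, external = Catalog("Integrated"), Catalog("External Contributors")
    group_perms = {
        "Developers": {COLLABORATION},
        "Admins": {COLLABORATION, ADMINISTRATION},
        "Project Owners": {PROJECT_MANAGEMENT},  # Collaboration forgotten
    }
    users = [User("alice", internal, ["Admins"]),
             User("bob", external, ["Developers"]),
             User("carol", external, ["Developers", "Admins"]),
             User("dave", internal, ["Project Owners"])]
    return users, group_perms, external

if __name__ == "__main__":
    users, group_perms, external = sample()
    print(audit(users, group_perms, {external.name}))
    external.enabled = False  # disabling the Catalog cuts off bob and carol
    print([(u.name, can_use(u, group_perms)) for u in users])
```

The audit flags carol (an outside contributor placed in an administrative Group) and dave (a Group that grants Project Management without Collaboration), the two mistakes this model makes easy to overlook.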
