Restrict Mercurial repository access

I have a Mercurial server using mercurial-server. I edited access.conf in hgadmin repo as follows:

deny repo=a/b
read user=x/**
read user=y/**

write repo=a/b user=x/abc
write repo=a/b user=y/z

But user z still can't access this repo. Any ideas?

Solution

The documentation mentions:

user=globpattern: path to the user's key

So the path of z's key might be wrong, or the path of the repo is off.

When considering a request, mercurial-server steps through all the rules in /etc/mercurial-server/access.conf and then all the rules in access.conf in hgadmin, looking for a rule which matches on every condition.
The first match determines whether the request will be allowed; if there is no match in either file, the request will be denied.

Other possibility: Maybe a deny rule (applicable for user z) is found first.

Any way to pull/update all subrepos?
How much space can your BitBucket account have?
Recommendation for very lightweight website framework
Deploying a Mercurial Repository to Production - Security Concerns and Tips
How to let TortoiseHg (Mercurial) on Windows use the Private Key file generated (by Puttygen)?
How do I list all of my Jenkins credentials in the script console?
Correct way to install Mercurial on Ubuntu
In Mercurial, can obsolete changesets be forced to become not obsolete?
Is there a way to use a Mercurial repository as Git submodule?
How do I search historic mercurial file content?
Equivant of git's --color-words or --word-diff in Mercurial
How can mercurial be run on android?
Diffing between two entire directories/projects in hg or git?
"ERROR:root:code for hash md5 was not found" when using any hg mercurial commands
Transplanting into one changeset
Finding the author of a line of code in Mercurial
Mercurial: annotate / blame current line number
Mercurial/TortoiseHg: Can multiple repositories share the exact same file(s)?
How to properly use hg share extension?
Cannot push into Mercurial, End of script output before headers: hgweb.cgi, TortoiseHg command returned code 255
Mercurial in WSL: HGEDITOR $PATH is different from my $PATH
how to run hg recover command on a remote repository
Is possible to change the default diff tool in Mercurial?
Is it safe to remove bundles in strip-backup folders?
How to manipulate Bitbucket repository with token?
Git equivalents of most common Mercurial commands?
Examining a single changeset in Mercurial
How to abandon an uncommitted hg merge?
Placing recent commits in a separate (named) branch in Mercurial (Hg)
Monotone-increasing Version Number based on Mercurial Commits