Decentralized version control tools do not provide a viable way to control access to specific files or directories within the repository tree.

For example, suppose that you want to protect a certain directory by preventing certain users from reading its contents. With a CVCS, most commands operate on part of the repository. Also, the central server is involved with all attempts to read repository data. This model makes it straightforward to control access by repository tree path.

With a DVCS, most commands operate upon the entire repository tree. Furthermore, a complete clone of the repository is already present on the user’s machine—there is no secure way of preventing them from reading it.

Users who choose decentralized version control typically must arrange things such that access control on a per-repository basis is sufficient.