The following part of https://docs.tuleap.org/user-guide/code-versioning/svn-plugin.html
seems to be wrong:
Please note that it is not possible to restrict permissions already granted on the same directory.
For instance, a public project has the default permission file detailed above; it is useless to add a stricter rule on the root directory. For instance, adding:
will not prevent registered users to access the repository, since the default rule already grants this permission.
All predefined permissions can be overloaded. It seems that the last declaration wins.