You are using a SSH tunnel. If I read the svn book correctly, you will need to set the permissions on the repository files themselves for the user you log in as, but you can also block users directly in the conf file:

When running over a tunnel, authorization is primarily controlled by operating system permissions to the repository’s database files; it’s very much the same as if Harry were accessing the repository directly via a file:/// URL.

If multiple system users are going to be accessing the repository directly, you may want to place them into a common group, and you’ll need to be careful about umasks. (Be sure to read the section called “Supporting Multiple Repository Access Methods”.)

But even in the case of tunneling, the svnserve.conf file can still be used to block access, by simply setting auth-access = read or auth-access = none.

(From "SSH authentication and authorization")

By the way, you say you are doing this on your hosting account. I tried that as well once, but had to give up because I was not allowed to add new SSH users. If you can’t add SSH user accounts, you can’t do fine-grained authentication through a tunnel – users will always have full access to the repo.

To use multi-user authentication independently from SSH, you’d have to integrate svn with Apache, something that’s usually impossible in a shared environment.

I ended up switching to a small Windows-based virtual server and installing Brain-dead easy svn wrapper VisualSVN Server there. It costs some money (about €20/month, I’ve seen Linux based virtual servers starting at $10) but I’ve been happy with it ever since. (Of course, you can just use Linux and set up svn with Apache, which is what VisualSVN does internally too.)