Using permissions
Permissions can be set on IPLM Web, PiCLI, or the Perforce IPLM API, and can be set per object, or by IP Hierarchy.
Setting IP permissions on IPLM Web
In an IP, select the Permissions tab. There is a selector that allows you to toggle between Users and Groups.
Once configured, select Save.
Command line
Permissions are managed on IPLM CLI using the 'pi perm' commands:
pi perm commands
> pi perm -h
Usage: pi perm [-h] SUBCOMMAND ...
Description: Commands related to Permissions. These subcommands are used to
add, delete, list, and set Permissions on Libraries, IPs, and Lines.
Optional arguments:
-h, --help Show this help message and exit
Available sub-commands:
SUBCOMMAND
add Add new Permissions, existing ones are unchanged.
delete (del, remove, rm)
Delete Permissions from Libraries, IPs, and Lines.
list (ls) List Permissions of Libraries, IPs, and Lines.
set Set new Permissions, existing ones are removed.
pi perm add versus pi perm set
The 'pi perm add' and 'pi perm set' commands are equivalent with the difference that 'pi perm add' will leave any existing permissions not covered by the permission expression used in the command as they were. 'pi perm set' removes any other permissions associated with the targeted user or group and applies the new permissions, which are the only permissions set on the object for the targeted user or group.
| Command | Description |
|---|---|
| pi perm add |
|
| pi perm set |
|
pi perm set Command
> pi perm set -h
Usage: pi perm set [-h] [--all-ip] [--all-lines] [--tree]
permissions [permissions ...] identifier [identifier ...]
Description: Set Permissions on Libraries, IP and Lines. This command causes
any Permissions already set on the Libraries, IP and Lines objects to be
replaced by the specified Permissions. Any Permissions previously set will be
lost.
Positional arguments:
permissions Each access specifier is of the form <type>:<who>:<perm> where
<type> is either u or g, <who> is the name of the user or
group, and <perm> is any combination of o, w, and either r or v
(but not both). View perms (v) can only be set on IP Lines,
if set on an IP the view perm will propagate to the default
TRUNK line and read (r) permission will be set on the IP.
identifier Libraries, IP and/or Lines to set the Permissions on. Libraries
are specified as <library_name>. where the period (.) suffix is
required, IP are specified as <library_name>.<ip_name> and
Lines are specified as <library_name>.<ip_name>@.<line_name>
Optional arguments:
--all-ip For a library argument, set the Permission on all IPs in that
Library. For IP and Line arguments, this option is ignored.
Perms set on an IP will propagate to the default TRUNK line.
--all-lines For a Library argument, set the Permissions on all Lines of every
IP in that Library. For an IP argument, add the Permissions to all
Lines of that IP. For Line arguments, this option is ignored.
--tree For a Line argument, set the Permissions on the Lines, IPs, and
Libraries of all IPV in the resource hierarchy of the latest IP
Version on the Line. For an IP argument, this option uses the
resource hierarchy of the latest Version of the IP on the IP's
default line. For Library arguments, this option is an error. If
the permissions field contains view permissions, affected lines will
have view permissions set, while affected IPs and Libraries will have
read permissions set.
-h, --help Show this help message and exit.
pi perm add Command
> pi perm add -h
Usage: pi perm add [-h] [--all-ip] [--all-lines] [--tree]
permissions [permissions ...] identifier [identifier ...]
Description: Add new Permissions, existing ones are unchanged.
Positional arguments:
permissions Each access specifier is of the form <type>:<who>:<perm> where
<type> is either u or g, <who> is the name of a user or group,
and <perm> is any combination of o, w, and either r or v (but
not both). View perms (v) can only be added to IP Lines, if
added to an IP the view perm will propagate to the default
TRUNK line and read (r) permission will be added to the IP.
identifier Library, IP and/or Line to add the Permissions to. Libraries
are specified as <library_name>. where the period (.) suffix is
required. IPs are specified as <library_name>.<ip_name> and
Lines are specified as <library_name>.<ip_name>@.<line_name>
Optional arguments:
--all-ip For a Library argument, add the Permissions to all IPs in that
Library. For IP and Line arguments, this option is ignored.
Perms added to an IP will propagate to the default TRUNK line.
--all-lines For a Library argument, add the Permissions to all Lines of
every IP in that Library. For an IP argument, add the
Permissions to all Lines of that IP. For Line arguments, this
option is ignored.
--tree For a Line argument, add the Permissions to the Lines, IPs, and
Libraries of all IPV in the resource hierarchy of the latest IP
Version on the Line. For an IP argument, this option uses the
resource hierarchy of the latest Version of the IP on the IP's
default line. For Library arguments, this option is an error. If
the permissions field contains view permissions, affected lines
will have view permissions added, while affected IPs and Libraries
will have read permissions added.
-h, --help Show this help message and exit.
| Command Option | Description |
|---|---|
| --all-ip |
|
| --all-lines |
|
| --tree |
|
Deleting permissions
Use pi perm delete to remove permissions from Perforce IPLM objects.
pi perm delete Command
> pi perm del -h
Usage: pi perm delete [-h] [--all-ip] [--all-lines] [--tree]
permissions [permissions ...] identifier
[identifier ...]
Description: Delete Permissions from Libraries, IPs, and Lines.
Positional arguments:
permissions Each access specifier is of the form <type>:<who>:<perm> where
<type> is either u or g, <who> is the name of a user or group,
and <perm> is any combination of o, w, and either r or v (but
not both). View perms (v) can only be attached to IP Lines.
identifier Library, IP and/or Line to delete the Permissions from.
Libraries are specified as <library_name>. where the period (.)
suffix is required, IPs are specified as
<library_name>.<ip_name> and Lines are specified as
<library_name>.<ip_name>@.<line_name>
Optional arguments:
--all-ip For a Library argument, delete the Permissions from all IPs in
that Library. For IP and Line arguments, this option will be
ignored.
--all-lines For a Library argument, delete the Permissions from all Lines
of every IP in that Library. For an IP argument, delete the
Permissions from all Lines of that IP. For Line arguments, this
option will be ignored.
--tree For a Line argument, delete the Permissions from the Lines,
IPs, and Libraries of all IPV in the resource hierarchy of the
latest IP Version on the Line. For an IP argument, this option
uses the resource hierarchy of the latest Version of the IP on
the IP's default line. For Library arguments this option is an
error. A request to delete either view or read permissions will
delete both read permissions (all affected objects, including
lines) and view permissions (lines with view permissions)
-h, --help Show this help message and exit.
| Command Option | Description |
|---|---|
| --all-ip |
|
| --all-lines |
|
| --tree |
|
Listing permissions
The 'pi perm list' command is used to list permissions. Providing a permission specification to the permission list command will filter the output by the contents of the permission specification.
pi perm list Command
> pi perm ls -h
Usage: pi perm list [-h] [--all-ip] [--all-lines] [--tree] [--format {json}]
[permissions [permissions ...]]
[identifier [identifier ...]]
Description: List Permissions of Libraries, IPs, and Lines.
Positional arguments:
permissions Each permission filter is of the form
[<type>]:[<who>]:[<perm>] where <type> is either u or g,
<who> is the name of a user or group, and <perm> is any
combination of o, w, and either r or v (but not both).
View perms (v) can only be attached to IP Lines. Omitting
<type>, <who>, or <perm> from a filter implies all.
identifier Library, IP and/or Line to list the Permissions of.
Optional arguments:
--all-ip For a Library argument, list the Permissions of all IPs in
that Library. For IP and Line arguments, this option will be
ignored.
--all-lines For a Library argument, list the Permissions of all Lines
of every IP in that Library. For an IP argument, list
the Permissions of all the Lines of that IP. For Line
arguments, this option will be ignored.
--format {json} Return the results using the specified data structure.
Default format will display a table.
--tree For a Line argument, list the Permissions on the Lines,
IPs, and Libraries of all IPV in the resource hierarchy of
the latest IP Version on the Line. For an IP argument, this
option uses the resource hierarchy of the latest Version of
the IP on the IP's default line. For Library arguments this
option is an error. If the permissions field contains view
permissions, lines will display their view permission, while
IPs and Libraries will display their corresponding read
permissions.
-h, --help Show this help message and exit.
| Command Option | Description |
|---|---|
| --all-ip |
|
| --all-lines |
|
| --format json |
|
| --tree |
|
Example permission commands
List all permissions for a specific user:
Listing All Permissions for a Specific User
> pi perm list u:ada: ┌──────────────────────────────┬───────┬───────┬───────┬───────┐ │ │ OWNER │ WRITE │ READ │ VIEW │ ╞══════════════════════════════╪═══════╪═══════╪═══════╪═══════╡ │ ARM. │ │ │ u:ada │ │ │ ARM.cortex2 │ │ u:ada │ u:ada │ │ │ ARM.cortex2@.TRUNK │ │ u:ada │ u:ada │ │ │ Data-Converter. │ │ │ u:ada │ │ │ Data-Converter.sd_adc │ u:ada │ u:ada │ u:ada │ │ │ Data-Converter.sd_adc@.TRUNK │ u:ada │ u:ada │ u:ada │ │ │ Mem. │ │ │ u:ada │ │ │ Mem.nand_flash │ │ u:ada │ u:ada │ │ │ Mem.nand_flash@.TRUNK │ │ u:ada │ u:ada │ │ │ Mem.nor_flash │ │ u:ada │ u:ada │ │ │ Mem.nor_flash@.TRUNK │ │ u:ada │ u:ada │ │ │ PDK. │ │ │ u:ada │ │ │ PDK.MS90G_LP │ │ u:ada │ u:ada │ │ │ PDK.MS90G_LP@.TRUNK │ │ u:ada │ │ u:ada │ │ PLL. │ │ │ u:ada │ │ │ PLL.cyclone_pll │ u:ada │ u:ada │ u:ada │ │ │ PLL.cyclone_pll@.TRUNK │ u:ada │ u:ada │ u:ada │ │ │ PLL.tms_pll │ u:ada │ u:ada │ u:ada │ │ │ PLL.tms_pll@.TRUNK │ u:ada │ u:ada │ u:ada │ │ │ tutorial. │ │ │ u:ada │ │ │ tutorial.tutorial │ u:ada │ u:ada │ u:ada │ │ │ tutorial.tutorial@.TRUNK │ u:ada │ u:ada │ u:ada │ │ │ tutorial.verif_config │ u:ada │ u:ada │ u:ada │ │ │ tutorial.verif_config@.TRUNK │ u:ada │ u:ada │ u:ada │ │ └──────────────────────────────┴───────┴───────┴───────┴───────┘One user or group is listed per output line of the table format, and lines are sorted alphanumerically by Library, IP, Line, Group, then User.
Set read and write permissions for a user on a line:
Setting Read and Write permissions for a user on a Line
> pi perm set u:ada:wr tutorial.padring@.L1 > pi perm list tutorial.padring@.L1 ┌──────────────────────┬───────┬───────┬───────┬───────┐ │ │ OWNER │ WRITE │ READ │ VIEW │ ╞══════════════════════╪═══════╪═══════╪═══════╪═══════╡ │ tutorial.padring@.L1 │ │ u:ada │ u:ada │ │ └──────────────────────┴───────┴───────┴───────┘───────┘
Set read and write permissions for a group on a line:
Setting Read and Write permissions for a group on a Line
> pi perm set g:analog:wr tutorial.padring@.L1 > pi perm list tutorial.padring@.L1 ┌──────────────────────┬───────┬──────────┬──────────┬───────┐ │ │ OWNER │ WRITE │ READ │ VIEW │ ╞══════════════════════╪═══════╪══════════╪══════════╪═══════╡ │ tutorial.padring@.L1 │ │ g:analog │ g:analog │ │ │ │ │ u:ada │ u:ada │ │ └──────────────────────┴───────┴──────────┴──────────┴───────┘