Managing users and groups in Helix Core Server

You add Helix DAM users from the Helix TeamHub admin UI. TeamHub then provides the information to Helix Server, where it is stored. To create Helix DAM users, see Creating users.

To perform these tasks on the Helix Server side, see the following sections in the Helix Core Server Administrator Guide:

Managing users for information on user types, adding new licensed users, and renaming users
Authorizing access for information on the protections table and setting permission levels for users
Granting access to groups of users for information on creating and editing groups

Warning

In Helix Server, do not alter or edit groups with a name following any of these conventions in any way:

HTH-//<depot-path>/<repo-path>-<HTH_ACCESS_LEVEL>

HTH-<depotname>-<hth_access_level>

HTH-<company-admin>

Mapping of TeamHub roles to graph depot permissions

In Helix Server, you grant permissions to users or groups. In TeamHub, you assign roles. The following table indicates how each TeamHub role is mapped to specific graph depot permissions in Helix Server.

TeamHub Role	Graph Depot Permission
Admin	`admin`
Manager	`write-all`
Master	`force-push` `delete-repo` `create-repo`
Developer	`delete-ref` `create-ref` `write-all`
Guest	`read`

For more information on Helix Server permissions, see the p4 grant-permission command in the Helix Core Command-Line (P4) Reference.

For more information on TeamHub roles, see the Roles chapter in the Helix TeamHub User Guide.

Including and excluding of Helix Server users and groups

You may want to include users or groups, or one or more users in a group, that exist in Helix Server to be available in Helix DAM, or exclude them from being displayed. To do this, configure the respective keys, either in the TeamHub admin UI under Preferences > Helix Server > Account and group synchronization, or in the /var/opt/hth/shared/hth.json configuration file. For details on these keys, see Section: pilsner in the TeamHub configuration section.

Note

TeamHub bots are created as users on the Helix Server.
The include/exclude configuration applies to bots in the same way as it does for other users.
Add the users to the appropriate groups before updating the include/exclude configuration.
Update the include/exclude configuration before managing users, bots , and groups in the TeamHub admin UI.

When synchronizing users, TeamHub proceeds in the following order. TeamHub:

Includes direct users and bots
Adds users and bots from groups
Excludes users and bots from groups
Excludes direct users and bots

When synchronizing groups, TeamHub first includes groups and then extracts any groups that are marked as excluded in the configuration.

To include or exclude Helix Server users or groups:

In the Preferences view, under Account and group synchronization, enter the name of users or groups as needed.

For example:

To include the users called user1 and user2, enter the following in the Include users field: ^(user1|user2)$

To include users from a group called perforce-group, enter the following in the Include users from groups field: ^perforce-group$

For details and more examples, see Section: pilsner.
Click Save preferences.

A warning appears because the changes have not been applied to the TeamHub server yet. Perform the following step to finalize the configuration.
To apply server configuration changes to the TeamHub server, connect to the server via SSH and run the following command:

sudo hth-ctl reconfigure
After successfully running the reconfigure command, reload the TeamHub admin portal.

Warning
Failure to do so may result in normal web server interruption messages, such as the HTTP Error 503. The service is unavailable. error, because the services come back online.

JSON configuration examples

This section includes examples of how to exclude groups and users by editing the pilsner key in the /var/opt/hth/shared/hth.json file. Including or excluding users, users from groups, and groups works exactly the same way, so you can apply the following examples to all cases.

To exclude all groups starting with external- or test- or ending with test:

^(external-|test-).*, test$

To exclude user1 and user2, and any user starting or ending with test:

^(user1|user2)$, test$, ^test

Following is a code snippet from the hth.json file with these values included under the "pilsner" key:

"helix_users_include_regex": "",
"helix_users_exclude_regex": "^(user1|user2)$, test$, ^test",
"helix_users_from_groups_include_regex": "",
"helix_users_from_groups_exclude_regex": "",
"helix_groups_include_regex": "",
"helix_groups_exclude_regex": "^(external-|test-).*, test$"