Manage access to graph depots and repos
With the p4 grant-permission command, you can
control access rights of users and groups to graph depots and their
underlying repos. This includes permissions to:
- create, delete, and view repos
- update, force-push, delete, and create branches and branch references
-
write to specific files only
This allows for scenarios where a user can clone a repo but can only push changes to a subset of the files in that repo.
-
delegate the administration of authorizations to the owner of a depot or repo
In most cases, delegating authorization management at the graph depot level should suffice because related repos typically reside in the same graph depot. However, if needed, repo owners can grant and revoke permissions for their repos.
For example, to grant user bruno permission to read and
update files in graph depot graphDepot, you can run the
following command:
$ p4 grant-permission -d graphDepot -u bruno -p write-all
To limit this permission to repo repo1, which resides in
depot graphDepot, you can run the following command:
$ p4 grant-permission -n //graphDepot/repo1 -u bruno -p write-all
By default, the following users have permission to run the p4
grant-permission command:
- The owner of the graph depot or repo
- The
superuseruser for all graph depots - admin users for a particular graph depot or repo
You can view access controls by running the p4
show-permission command. To revoke access controls, you
can run the p4 revoke-permission command.
For initial setup instructions, see Granting permissions.
For a detailed list of permissions and their description, see p4 grant-permission in Helix Core Command-Line (P4) Reference.
