Manage access to graph depots and repos

With the p4 grant-permission command, you can control access rights of users and groups to graph depots and their underlying repos. This includes permissions to:

  • create, delete, and view repos
  • update, force-push, delete, and create branches and branch references
  • write to specific files only

    This allows for scenarios where a user can clone a repo but can only push changes to a subset of the files in that repo.

  • delegate the administration of authorizations to the owner of a depot or repo

    In most cases, delegating authorization management at the graph depot level should suffice because related repos typically reside in the same graph depot. However, if needed, repo owners can grant and revoke permissions for their repos.

For example, to grant user bruno permission to read and update files in graph depot graphDepot, you can run the following command:

$ p4 grant-permission -d graphDepot -u bruno -p write-all

To limit this permission to repo repo1, which resides in depot graphDepot, you can run the following command:

$ p4 grant-permission -n //graphDepot/repo1 -u bruno -p write-all

By default, the following users have permission to run the p4 grant-permission command:

  • The owner of the graph depot or repo
  • The superuser user for all graph depots
  • admin users for a particular graph depot or repo

You can view access controls by running the p4 show-permission command. To revoke access controls, you can run the p4 revoke-permission command.

For initial setup instructions, see Granting permissions.

For a detailed list of permissions and their description, see p4 grant-permission in Helix Core Command-Line (P4) Reference.