Manage access to graph depots and repos
With the p4 grant-permission
command, you can
control access rights of users and groups to graph depots and their
underlying repos. This includes permissions to:
- create, delete, and view repos
- update, force-push, delete, and create branches and branch references
-
write to specific files only
This allows for scenarios where a user can clone a repo but can only push changes to a subset of the files in that repo.
-
delegate the administration of authorizations to the owner of a depot or repo
In most cases, delegating authorization management at the graph depot level should suffice because related repos typically reside in the same graph depot. However, if needed, repo owners can grant and revoke permissions for their repos.
For example, to grant user bruno
permission to read and
update files in graph depot graphDepot
, you can run the
following command:
$ p4 grant-permission -d graphDepot -u bruno -p write-all
To limit this permission to repo repo1
, which resides in
depot graphDepot
, you can run the following command:
$ p4 grant-permission -n //graphDepot/repo1 -u bruno -p write-all
By default, the following users have permission to run the p4
grant-permission
command:
- The owner of the graph depot or repo
- The
superuser
user for all graph depots - admin users for a particular graph depot or repo
You can view access controls by running the p4
show-permission
command. To revoke access controls, you
can run the p4 revoke-permission
command.
For initial setup instructions, see Granting permissions.
For a detailed list of permissions and their description, see p4 grant-permission in Helix Core Command-Line (P4) Reference.