Configurables for security

This topic assumes the P4 Server is at version 2025.1 or later. If not, see Earlier documentation versions.

Immediately after you install P4 Server, ensure that the following configurables are set to match the Value column.

| Purpose | Configurable | Value |
| --- | --- | --- |
| Require ticket-based authentication. To help protect systems and data, specify a value of at least 4. This level of protection is particularly important in multi-server and replicated environments. The setting helps to ensure that only authenticated service users can connect to the server. The setting also requires server specs for all replicas. For successful configuration at various levels, carefully consider the details in the Server behavior column at Server security levels. | security | 4 or higher |
| Ensure that only users with the super access level, and whose password is already set, can set the initial password for other users. All users can reset their own password after logging in with an initial password set by a super user. Before setting this configurable, ensure that you already have a super user with a strong password. Also, to help prevent unauthorized access to your system, assign a strong initial password to any user that you create. | dm.user.setinitialpasswd | 0 |
| Ensure that only a user with the super access level can create a user, and that the super user does so by explicitly running the p4 user -f username command. | dm.user.noautocreate | 2 |
| Force new users that have been created by a super user to reset their passwords. | dm.user.resetpassword | 1 |
| Hide sensitive information from unauthorized users of p4 info. | dm.info.hide | 1 |
| Hide user details from unauthenticated users. | run.users.authorize | 1 |
| If authentication fails because of an incorrect username, hide the reason for the failure. | dm.user.hideinvalid | 1 |
| Hide information in key/value pairs used in scripts from those who lack admin access. One use case is hiding P4 Code Review storage from regular users. | dm.keys.hide | 2 |
| Prevent a server from being used as a P4AUTH server without deliberate configuration. | server.rolechecks | 1 |

For instructions about setting values for configurables, see the p4 configure command.

For a list of additional configurables that can affect security, see Categories > Security in the P4 CLI Reference.
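A drift check against the table above, as an added example that is not part of the P4 documentation: it compares saved `p4 configure show` output with the nine baseline values and reports every deviation. It assumes the single-server output shape `name=value (source)`; the function names and the sample text are constructed for illustration.

```python
import re

# Baseline values copied from the table above.
BASELINE = {
    "security": 4, "dm.user.setinitialpasswd": 0, "dm.user.noautocreate": 2,
    "dm.user.resetpassword": 1, "dm.info.hide": 1, "run.users.authorize": 1,
    "dm.user.hideinvalid": 1, "dm.keys.hide": 2, "server.rolechecks": 1,
}
AT_LEAST = {"security"}  # "4 or higher"; every other value must match exactly

# Assumed line shape of `p4 configure show` output: name=value (source)
LINE_RE = re.compile(r"^\s*([\w.]+)\s*=\s*(\S+)")

def parse_configure_show(text):
    """Map each configurable name to its raw value string."""
    matches = (LINE_RE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def audit(text):
    """Return (name, found, required) for each deviation, in table order."""
    current = parse_configure_show(text)
    findings = []
    for name, want in BASELINE.items():
        raw = current.get(name)
        # Unset or non-numeric counts as a finding (assumption: the baseline
        # should be set explicitly rather than left to a default).
        have = int(raw) if re.fullmatch(r"\d+", raw or "") else None
        at_least = name in AT_LEAST
        ok = have is not None and (have >= want if at_least else have == want)
        if not ok:
            findings.append((name, raw, f"{'>=' if at_least else '=='}{want}"))
    return findings

# Constructed sample output, not captured from a real server.
SAMPLE = """\
P4PORT=ssl:1666 (-p)
security=3 (configure)
dm.user.setinitialpasswd=0 (configure)
dm.user.noautocreate=2 (configure)
dm.user.resetpassword=1 (configure)
dm.info.hide=1 (configure)
run.users.authorize=1 (configure)
dm.keys.hide=1 (configure)
server.rolechecks=1 (configure)
"""

if __name__ == "__main__":
    for name, found, required in audit(SAMPLE):
        print(f"FAIL {name}: found {found!r}, required {required}")
```

On the sample, the check flags `security` (3 is below 4), `dm.user.hideinvalid` (not set) and `dm.keys.hide` (1 instead of 2).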