Access levels required by Helix Core Server commands

The following table lists the minimum access level required to run each command. For example, because p4 add requires at least open access, you can run p4 add if you have open, write, admin, or super access. See p4 protect in the Helix Core Command-Line (P4) Reference.

Commands that list files, such as p4 describe, list only those files to which the user has at least list access.

Some commands (for example, p4 change, when you edit a previously submitted changelist) take a -f flag that can only be used by Helix Core Server superusers. See Forcing operations with the -f flag for details.

Note

To understand the difference between standard users, operator users, and service users, see Types of users in the Helix Core Command-Line (P4) Reference.

Command	Access Level	Notes
`add`	`open`
`admin`	`super`	An operator user can use all options except `updatespecdepot`, `resetpassword`, and `end-journal`. An operator user with super can use all options.
`aliases`	none
`annotate`	`read`
`archive`	`admin`
`attribute`	`write`	The `-f` flag to set the attributes of submitted files requires `admin` access.
`bgtask`	`super`
`branch`	`open`	The `-f` flag to override existing metadata or other users' data requires `admin` access.
`branches`	`list`
`cachepurge`	`super`
`change`	`open`	The `-o` flag (display a change on standard output) requires only `list` access. The `-f` flag to override existing metadata or other users' data requires `admin` access.
`changes`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
`check-permission (graph)`	`admin`
`clean`	`read`
`client`	`list`	The `-f` flag to override existing metadata or other users' data requires `admin` access.
`client (graph)`
`clients`	`list`
`clone`	`read`	On the remote server.
`configure`	`super`	Also available to an operator user.
`copy`	`list`	list access to the source files; `open` access to the destination files.
`counter`	`review`	list access to at least one file in any depot is required to view an existing counter’s value; `review` access is required to change a counter’s value or create a new counter. Also available to an operator user, including `p4 counter -f`
`counters`	`list`	Also available to an operator user.
`cstat`	`list`
`dbschema`	`super`	Also available to a service user.
`dbstat`	`super`	Also available to an operator user.
`dbverify`	`super`	Also available to an operator user.
`delete`	`open`
`delete (graph)`		`write` protection on path, `write-ref` permission on depot or repo.
`depot`	`super`	The `-o` flag to this command, which allows the form to be read but not edited, requires only `list` access.
`depots`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot. super for `p4 depots -t extension` Also available to an operator user.
`describe`	`read`	The `-s` flag to this command, which does not display file content, requires only `list` access.
`describe (graph)`	`list`
`diagnostics`	`admin`
`diff`	`read`	or `list` to use the `-As` option.
`diff (graph)`
`diff2`	`read`	or `list` to use the `-As` option.
`diff2 (graph)`		`list` protection, `read` permission
`dirs`	`list`
`dirs (graph)`
`diskspace`	`super`	Also available to an operator user.
`edit`	`open`
`edit (graph)`
`export`	`super`	Also available to a service user.
`extension`	`super`	The super user can delegate some permissions to admins and users.
`failback`	`super`
`failover`	`super`
`fetch`	`admin`
`filelog`	`list`
`filelog (graph)`		`list` protection, `read` permission
`files`	`list`
`files (graph)`		`list` protection, `read` permission
`fix`	`open`
`fixes`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
`flush`	`list`
`fstat`	`list`
`fstat (graph)`
`grant-permission (graph)`	`super`	super from p4 protect applies to all repos and graph depots a user assigned to be `admin` from `p4 grant-permission` for a given repo or graph depot can use `p4 grant-permission` within the scope of that repo or graph depot
`graph gc (graph)`	`super`
`graph lfs-lock (graph)`
`graph lfs-locks (graph)`
`graph lfs-unlock (graph)`
`graph log (graph)`		`read` though `p4 grant-permission`
`graph purge-refhist (graph)`		Either repo `admin`, based on `p4 grant-permission`, or the owner of the repo.
`graph rebase (graph)`		`list` protection, `force-push` permission
`graph recompute-refcnts (graph)`	`super`
`graph show-ref (graph)`	`super`
`graph tag (graph)`		`read` to see the tag, `write-ref` to overwrite the tag, `delete-ref` to delete the tag, `create-ref` to create a tag
`graph tags (graph)`		`read` on the repos with tags
`graph verify (graph)`	`list`
`grep`	`read`
`group`	`super`	The `-o` flag to this command, which allows the form to be read but not edited, requires only `list` access. The `-a` flag to this command requires only `list` access, provided that the user is also listed as a group owner. The `-A` flag requires `admin` access.
`groups`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
`have`	`list`	`list` protection, `read` permission
`have (graph)`
`heartbeat`	`super`	Also available to an operator user.
`help`	`none`
`help-graph (graph)`	`list`
`ignores`	`none`
`info`	`none`	Also available to a service user.
`init`	`none`
`integrate`	`open`	The user must have `open` access on the target files and `read` access on the source files.
`integrated`	`list`
`interchanges`	`list`
`istat`	`open`
`job`	`open`	The `-o` flag to this command, which allows the form to be read but not edited, requires only `list` access. The `-f` flag to override existing metadata or other users' data requires `admin` access.
`jobs`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot. Also available to an operator user.
`jobspec`	`admin`	The `-o` flag to this command, which allows the form to be read but not edited, requires only `list` access.
`journalcopy`	`super`	`p4 journalcopy -l` is also available to an operator user.
`journaldbchecksums`	`super`	Also available to an operator user.
`journals`	super
`key`	`review`	list access to at least one file in any depot is required to view an existing key’s value; `review` access is required to change a key’s value or create a new key. admin access is required if the `dm.keys.hide` configurable is set to `2`.
`keys`	`list`	admin access is required if the `dm.keys.hide` configurable is set to `1` or `2`.
`label`	`open`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot. The `-f` flag to override existing metadata or other users' data requires `admin` access.
`labels`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
`labelsync`	`open`
`ldap`	`super`
`ldaps`	`super`
`ldapsync`	`super`
`license`	`super`	The `-u` flag, which displays license usage, requires only `admin` access.
`list`	`open`
`lock`	`write`
`lock (graph)`		`list` protection, `read` permission
`lockstat`	`super`	Also available to an operator user.
`logappend`	`list`	Also available to an operator user.
`logger`	`review`
`login`	`list`	Also available to an operator user and a service user
`login2`	`list`
`logout`	`list`	Also available to an operator user and a service user. An operator with `super` can use the `-a` and `username` options.
`logexport`	`super`	Also available to an operator user.
`logparse`	`super`	Also available to an operator user.
`logrotate`	`super`	Also available to an operator user.
`logschema`	`super`	Also available to an operator user.
`logstat`	`super`	Also available to an operator user.
`logtail`	`super`	Also available to an operator user.
`merge`	`open`
`merge (graph)`
`monitor`	`list`	super access is required to terminate or clear processes, or to view arguments. Also available to an operator user.
`move`	read or write	read for `fromFile` or `write` for `toFile`.
`obliterate`	`admin`
`opened`	`list`
`opened (graph)`		`read` protection, `read` permission
`passwd`	`list`	Also available to an operator user and a service user.
`ping`	`admin`	Also available to an operator user.
`populate`	`open`
`print`	`read`
`print (graph)`		`list` protection, `read` permission
`property`	`list, admin`	list to read, `admin` to add/delete new properties, or show a property setting and sequence number for all users and groups.
`protect`	`super`
`protects`	`list`	super access is required to use the `-a`, `-g`, and `-u` flags.
`proxy`	`none`	Must be connected to a Helix Proxy.
`prune`	`write`	For stream owner.
`pubkey (graph)`	`super`	super to update or delete someone else's pubkey, `list` to add, update, or delete your own
`pubkeys (graph)`	`list`
`pull`	`super`	`p4 pull -lj` and `p4 pull -ls` are available to an operator user.
`push`	read or write	read on the local server or `write` on the remote server.
`reconcile`	`open`
`reconcile (graph)`		`list` protection, `write` protection (and `write-ref`permission) to submit
`reload`	`open`	admin access is required to use `p4 reload -f` to reload other users' workspaces and labels.
`remote`	open or `list` or admin	open or `list` to use the `-o` option or `admin` to use the `-f` option.
`remotes`	`list`
`rename`	read or write	read for `fromFile` or `write` for `toFile`.
`renameclient`	`admin`	or owner of client workspace
`renameuser`	`super`
`reopen`	`open`
`replicate`	`super`
`repo (graph)`		`read` though `p4 grant-permission` to read and to use `-o` or `-i` `create-repo` through `p4 grant-permission` to create a repo and grant permissions on any repo that user owns `delete-repo` through `p4 grant-permission` `admin` through `p4 grant-permission` to create, delete, use the `-f` option, and grant permissions
`repos (graph)`		`read` on this repo through `p4 grant-permission (graph)`
`reshelve`	`open`
`resolve`	`open`
`resolve (graph)`
`resolved`	`open`
`restore`	`admin`
`resubmit`	write or admin	write or `admin` for `-i` option.
`revert`	`list`
`revert (graph)`	`list`
`review`	`review`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
`reviews`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
`revoke-permission (graph)`
`server`	`super`	super access is required to add or modify a server spec.
`serverid`	`list`	super access is required to set the server ID.
`servers`	`list`	An operator user can run `p4 servers` and `p4 servers -J`
`set`	`none`
`shelve`	`open`	admin access is required to forcibly delete shelved files with p4 shelve -f -d
`show-permission (graph)`
`show-permissions (graph)`
`show-ref (graph)`	`super`
`sizes`	`list`
`status`	`open`
`storage`	`admin`	`super` to use the `-U` option
`stream`	`open`	admin access is required to use the `-f` option to delete or modify locked streams owned by other users
`streamlog`	`open`
`streams`	`list`
`streamspec`	`admin`
`submit`	`write`
`submit (graph)`	`write`	`write` protection on path to submit
`switch`	open or `list` or write	open to use the `-c` or `-r` options, or `list` to use the `-L`, or `write` for default switching.
`switch (graph)`
`sync`	`read`
`sync (graph)`
`tag`	`list`
`tickets`	`none`
`topology`	`super`	Also available to an operator user.
`triggers`	`super`
`trust`	`none`
`typemap`	`admin`	The `-o` flag to this command, which allows the form to be read but not edited, requires only `list` access.
`undo`	`open`
`unload`	`open`	admin access is required to use `p4 unload -f` to unload other users' workspaces and labels.
`unlock`	`open`	The `-f` flag to override existing metadata or other users' data requires `admin` access.
`unlock (graph)`		`read` permission for the repo `admin` permission to unlock with the `-f` option
`unshelve`	`open`
`unsubmit`	`admin`
`unzip`	`admin`
`update`	`list`
`upgrades`	`super`
`user`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot. The `-f` flag (which is used to create or edit users) requires `super` access. Also available to an operator user and a service user
`users`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot. If the `run.users.authorize` configurable is set to `1`, you must also authenticate yourself to the server before you can run `p4 users`.
`verify`	`admin`	Also available to an operator user.
`where`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
`workspace`	`list`
`workspaces`	`list`
`zip`	`super`