Access levels required by Helix Server commands

The following table lists the minimum access level required to run each command. For example, because p4 add requires at least open access, you can run p4 add if you have open, write, admin, or super access. See p4 protect in Helix Core Command-Line (P4) Reference.

Commands that list files, such as p4 describe, list only those files to which the user has at least list access.

Some commands (for example, p4 change, when you edit a previously submitted changelist) take a -f flag that can only be used by Helix Server superusers. See Forcing operations with the -f flag for details.

Note

To understand the difference between standard users, operator users, and service users, see Types of users in Helix Core Command-Line (P4) Reference.

Command Access Level Notes

add

open

 

admin

super

An operator user can use all options except updatespecdepot, resetpassword, and end-journal.

An operator user with super can use all options.

aliases none  

annotate

read

 

archive

admin

 

attribute

write

The -f flag to set the attributes of submitted files requires admin access.

bgtask super  

branch

open

The -f flag to override existing metadata or other users' data requires admin access.

branches

list

 

cachepurge

super

 

change

open

The -o flag (display a change on standard output) requires only list access. The -f flag to override existing metadata or other users' data requires admin access.

changes

list

This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.

check-permission (graph) admin  

clean

read

 

client

list

The -f flag to override existing metadata or other users' data requires admin access.

client (graph)    

clients

list

 

clone

read

On the remote server.

configure

super

Also available to an operator user.

copy

list

list access to the source files; open access to the destination files.

counter

review

list access to at least one file in any depot is required to view an existing counter’s value; review access is required to change a counter’s value or create a new counter.

Also available to an operator user, including p4 counter -f

counters

list

Also available to an operator user.

cstat

list

 

dbschema

super

Also available to a service user.

dbstat

super

Also available to an operator user.

dbverify

super

Also available to an operator user.

delete

open

 
delete (graph)   write protection on path, write-ref permission on depot or repo.

depot

super

The -o flag to this command, which allows the form to be read but not edited, requires only list access.

depots

list

This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.

super for p4 depots -t extension

Also available to an operator user.

describe

read

The -s flag to this command, which does not display file content, requires only list access.

describe (graph) list  

diff

read

or list to use the -As option.
diff (graph)    

diff2

read

or list to use the -As option.
diff2 (graph)   list protection, read permission

dirs

list

 
dirs (graph)    

diskspace

super

Also available to an operator user.

edit

open

 
edit (graph)    

export

super

Also available to a service user.
extension super The super user can delegate some permissions to admins and users.
failback super  
failover super  

fetch

admin

 

filelog

list

 
filelog (graph)   list protection, read permission

files

list

 
files (graph)   list protection, read permission

fix

open

 

fixes

list

This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.

flush

list

 

fstat

list

 
fstat (graph)    
grant-permission (graph) super

super from p4 protect applies to all repos and graph depots

a user assigned to be admin from p4 grant-permission for a given repo or graph depot can use p4 grant-permission within the scope of that repo or graph depot

graph gc (graph) super  
graph lfs-lock (graph)    
graph lfs-locks (graph)    
graph lfs-unlock (graph)    
graph log (graph)   read though p4 grant-permission
graph purge-refhist (graph)   Either repo admin, based on p4 grant-permission, or the owner of the repo.
graph rebase (graph)   list protection, force-push permission
graph recompute-refcnts (graph) super  
graph show-ref (graph) super  
graph tag (graph)   read to see the tag, write-ref to overwrite the tag, delete-ref to delete the tag, create-ref to create a tag
graph tags (graph)   read on the repos with tags
graph verify (graph) list  

grep

read

 

group

super

The -o flag to this command, which allows the form to be read but not edited, requires only list access.

The -a flag to this command requires only list access, provided that the user is also listed as a group owner.

The -A flag requires admin access.

groups

list

This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.

have

list

list protection, read permission
have (graph)    
heartbeat super

Also available to an operator user.

help

none

 
help-graph (graph) list  

ignores

none

 

info

none

Also available to a service user.

init

none

 

integrate

open

The user must have open access on the target files and read access on the source files.

integrated

list

 

interchanges

list

 

istat

open

 

job

open

The -o flag to this command, which allows the form to be read but not edited, requires only list access.

The -f flag to override existing metadata or other users' data requires admin access.

jobs

list

This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.

Also available to an operator user.

jobspec

admin

The -o flag to this command, which allows the form to be read but not edited, requires only list access.

journalcopy

super

p4 journalcopy -l is also available to an operator user.

journaldbchecksums

super

Also available to an operator user.

journals

super

 

key

review

list access to at least one file in any depot is required to view an existing key’s value; review access is required to change a key’s value or create a new key. admin access is required if the dm.keys.hide configurable is set to 2.

keys

list

admin access is required if the dm.keys.hide configurable is set to 1 or 2.

label

open

This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.

The -f flag to override existing metadata or other users' data requires admin access.

labels

list

This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.

labelsync

open

 

ldap

super

 

ldaps

super

 

ldapsync

super

 

license

super

The -u flag, which displays license usage, requires only admin access.

list

open

 

lock

write

 
lock (graph)   list protection, read permission

lockstat

super

Also available to an operator user.

logappend

list

Also available to an operator user.

logger

review

 

login

list

Also available to an operator user and a service user
login2 list  

logout

list

Also available to an operator user and a service user.

An operator with super can use the -a and username options.

logparse

super

Also available to an operator user.

logrotate

super

Also available to an operator user.

logschema

super

Also available to an operator user.

logstat

super

Also available to an operator user.

logtail

super

Also available to an operator user.

merge

open

 
merge (graph)    

monitor

list

super access is required to terminate or clear processes, or to view arguments.

Also available to an operator user.

move

read or write

read for fromFile or write for toFile.

obliterate

admin

 

opened

list

 
opened (graph)   read protection, read permission

passwd

list

Also available to an operator user and a service user.

ping

admin

Also available to an operator user.

populate

open

 

print

read

 
print (graph)   list protection, read permission

property

list, admin

list to read, admin to add/delete new properties, or show a property setting and sequence number for all users and groups.

protect

super

 

protects

list

super access is required to use the -a, -g, and -u flags.

proxy

none

Must be connected to a Helix Proxy.

prune

write

For stream owner.

pubkey (graph) super super to update or delete someone else's pubkey,
list to add, update, or delete your own
pubkeys (graph) list  

pull

super

p4 pull -lj and p4 pull -ls are available to an operator user.

push

read or write

read on the local server or write on the remote server.

reconcile

open

 
reconcile (graph)  

list protection, write protection (and write-refpermission) to submit

reload

open

admin access is required to use p4 reload -f to reload other users' workspaces and labels.

remote

open or list or admin

open or list to use the -o option or admin to use the -f option.

remotes

list

 

rename

read or write

read for fromFile or write for toFile.

renameclient admin or owner of client workspace

renameuser

super

 

reopen

open

 

replicate

super

 
repo (graph)  
  • read though p4 grant-permission to read and to use -o or -i

  • create-repo through p4 grant-permission to create a repo and grant permissions on any repo that user owns

  • delete-repo through p4 grant-permission

  • admin through p4 grant-permission to create, delete, use the -f option, and grant permissions

repos (graph)   read on this repo through p4 grant-permission (graph)
reshelve open  

resolve

open

 
resolve (graph)    

resolved

open

 

restore

admin

 

resubmit

write or admin

write or admin for -i option.

revert

list

 
revert (graph) list  

review

review

This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.

reviews

list

This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.

revoke-permission (graph)    

server

super

 

serverid

list

super access is required to set the server ID.

servers

list

An operator user can run p4 servers and p4 servers -J

set

none

 

shelve

open

admin access is required to forcibly delete shelved files with p4 shelve -f -d

show-permission (graph)    
show-permissions (graph)    
show-ref (graph) super  

sizes

list

 

status

open

 
storage admin super to use the -U option

stream

open

admin access is required to use the -f option to delete or modify locked streams owned by other users

streamlog open  

streams

list

 
streamspec admin  

submit

write

 
submit (graph) write write protection on path to submit

switch

open or list or write

open to use the -c or -r options, or list to use the -L, or write for default switching.

switch (graph)    

sync

read

 
sync (graph)    

tag

list

 

tickets

none

 
topology super Also available to an operator user.

triggers

super

 

trust

none

 

typemap

admin

The -o flag to this command, which allows the form to be read but not edited, requires only list access.

undo open  

unload

open

admin access is required to use p4 unload -f to unload other users' workspaces and labels.

unlock

open

The -f flag to override existing metadata or other users' data requires admin access.

unlock (graph)  

read permission for the repo

admin permission to unlock with the -f option

unshelve

open

 

unsubmit

admin

 

unzip

admin

 

update

list

 
upgrades super  

user

list

This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.

The -f flag (which is used to create or edit users) requires super access.

Also available to an operator user and a service user

users

list

This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.

If the run.users.authorize configurable is set to 1, you must also authenticate yourself to the server before you can run p4 users.

verify

admin

Also available to an operator user.

where

list

This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.

workspace

list

 

workspaces

list

 

zip

super