Grant permissions

The Git Connector authenticates Git users through HTTP or SSH (see Set up Git users to work with the Git Connector) and allows them to access resources by pull, push, and clone transactions through user or group permissions in the Helix Server.

For details on Helix Server permissions, see Securing the Server . For details on the p4 protect command, see p4 protect in the Helix Core Command-Line (P4) Reference.

For details on access control policies related to graph depots, see Manage access to graph depots and repos.

Tip

If you encounter a reference to the gconn-user, this is the GConn P4 user.

Important

The Git Connector configuration script grants the gconn-user the graph depot permission of admin for all graph depots automatically. However, this only takes effect if the gconn-user has an entry in the Helix Core protections spec form. We therefore recommend that the gconn-user be given the list protection for a graph depot.

As super, perform the following steps to grant the required permissions:

  1. Add the user gconn-user to the protections spec form with the list protection. To do so, run the p4 protect command to open the protections spec form:

    $ p4 protect

    and add the following line to the protections spec form:

    list user gconn-user * //repo/...

    then save the spec.

  2. (optional) Grant admin permission to another user so that this user can manage permissions for repos and graph depots:

    $ p4 grant-permission -d graphDepotName -u username -p admin 
  3. (optional) Grant some Helix Core users the permission to create repos for specific graph depots:

    $ p4 grant-permission -d graphDepotName -u username -p create-repo
  4. (optional) Grant some Helix Core end-users permission to push repos to a graph depot:

    $ p4 grant-permission -d graphDepotName -u username -p write-all 
Tip

Instead of granting permissions to single users, we recommend that you create groups, assign users to groups, and set permissions that are appropriate for that particular group. See Granting access to groups of users.