Use p4 protect to control Perforce permissions. You can use
p4 protect to:
|
|
|
|
|
The user can do everything permitted with list access, and also run any command that involves reading file data, including p4 print, p4 diff, p4 sync, and so on.
|
|
|
|
This gives the user permission to do everything she can do with read access, and gives her permission to p4 add, p4 edit, p4 delete, and p4 integrate files. However, the user is not allowed to lock files or submit files to the depot.
|
|
|
|
|
|
|
|
|
|
This permission is meant for external programs that access Perforce. It gives the external programs permission to do anything that list and read can do, and grants permission to run p4 review and p4 counter. It does not include open or write access.
|
|
Includes all of the above, including administrative commands that override changes to metadata, but do not affect server operation.
|
|
|
When you run p4 protect, Perforce displays a form with a single field,
Protections:. Each permission is specified in its own indented line under the
Protections: header, and has five values:
When exclusionary mappings are not used, a user is granted the highest permission level listed in the union of all the mappings that match the user, the user's IP address, and the files the user is trying to access. In this case, the order of the mappings is irrelevant.
When exclusionary mappings are used, order is relevant: the exclusionary mapping overrides any matching protections listed above it in the table. No matter what access level is being denied in the exclusionary protection, all the access levels for the matching users, files, and IP addresses are denied.
If you use exclusionary mappings to deny access to an area of the depot to members of group1, but grant access to the same area of the depot to members of
group2, a user who is a member of both
group1 and
group2 is either granted or denied access based on whichever line appears last in the protections table.
In this example, user joe can perform administrative functions, which may include reading or listing files in
//depot/build/..., but he is prohibited from opening files for edit (or submitting any changes he may have open.) He can, however, continue to create and modify files outside of the protected
//depot/build/... area.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The -f flag to override existing metadata or other users' data requires admin access.
|
|
|
|
|
|
|
|
|
The -f flag to override existing metadata or other users' data requires admin access.
|
|
|
This command doesn't operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
|
|
|
The -f flag to override existing metadata or other users' data requires admin access.
|
|
|
|
|
|
list access is required to view an existing counter's value; review access is required to change a counter's value or create a new counter.
|
|
|
|
|
|
|
|
|
The -o flag to this command, which allows the form to be read but not edited, requires only list access.
|
|
|
This command doesn't operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
|
|
|
The -s flag to this command, which does not display file content, requires only list access.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This command doesn't operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
|
|
|
|
|
|
The -o flag to this command, which allows the form to be read but not edited, requires only list access.
The -a flag to this command requires only list access, provided that the user is also listed as a group owner.
|
|
|
This command doesn't operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
|
|
|
|
|
|
|
|
|
|
|
|
The user must have open access on the target files and read access on the source files.
|
|
|
|
|
|
The -o flag to this command, which allows the form to be read but not edited, requires only list access.
The -f flag to override existing metadata or other users' data requires admin access.
|
|
|
This command doesn't operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
|
|
|
The -o flag to this command, which allows the form to be read but not edited, requires only list access.
|
|
|
This command doesn't operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
The -f flag to override existing metadata or other users' data requires admin access.
|
|
|
This command doesn't operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
super access is required to terminate or clear processes, admin access is required to view arguments.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
super access is required to use the -a, -g, and -u flags.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This command doesn't operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
|
|
|
This command doesn't operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The -o flag to this command, which allows the form to be read but not edited, requires only list access.
|
|
|
The -f flag to override existing metadata or other users' data requires admin access.
|
|
|
This command doesn't operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
|
|
|
This command doesn't operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
|
|
|
|
|
|
This command doesn't operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
|
Suppose that user joe is a member of groups
devgroup and
buggroup, as set by
p4 group, and the protections table reads as follows: