Helix4Git Administrator Guide (2019.1)

Grant permissions

The Git Connector authenticates Git users through HTTP or SSH (see Set up Git users to work with the Git Connector) and allows them to access resources by pull, push, and clone transactions through user or group permissions in the Helix server.

Important

Because the gconn-user performs all Helix server requests required by the Git Connector, the gconn-user must have an entry in the protections table with list permission and have been granted admin permission for all graph depots manually created after the installation.

For details on Helix server permissions, see Securing the Server in Helix Core Server Administrator Guide: Fundamentals. For details on the p4 protect command, see p4 protect in the Helix Core P4 Command Reference.

For details on access control policies related to graph depots, see Manage access to graph depots and repos.

Perform the following steps to grant the required permissions:

  1. Add the user gconn-user to the protections table with list permission. Note that if you encounter a reference to GConn P4 user, this is the gconn-user user.

    Run the following command to open the protections table in text form:

    $ p4 protect

    Add the following line to the Protections field:

    $ list user gconn-user * //...

    Save the spec.

  2. For any depot of type graph that you create in addition to the ones already created during the installation, grant the gconn-user user admin permission:

    $ p4 grant-permission -u gconn-user -p admin -d graphDepotName
  3. As a superuser, grant admin permission to another user so that this user can manage permissions as required:

    $ p4 grant-permission -u username -p admin -d graphDepotName
  4. Grant users permission to create repos for specific graph depots:

    $ p4 grant-permission -p create-repo -d graphDepotName -u username
  5. Grant users permission to push repos to a graph depot:

    $ p4 grant-permission -p write-all -u username -d graphDepotName
Tip

Instead of granting permissions to single users, you can create groups, assign users to groups, and set permissions that are appropriate for that particular group. See Granting access to groups of users in Helix Core Server Administrator Guide: Fundamentals.