p4 group
Synopsis
Add or delete users from a group, or set the maxresults
,
maxscanrows
, maxlocktime
, and timeout
limits for the members of a
group.
Syntax
p4 [g-opts
] group [-a | -A]
groupname
p4 [g-opts
] group -d [-a | -F]
groupname
p4 [g-opts
] group -o
groupname
p4 [g-opts
] group -i [-a |
-A]
Description
A group is a list of Perforce users. Use groups to set access levels
in the p4 protect
form, to limit the maximum amount
of data that can be retrieved from Perforce by particular users with a
single command, to set the timeout period for p4
login
tickets, and to provide information for the
p4 ldapsync
command.
To delete a group, use p4 group -d groupname
, or call p4
group groupname
and remove all the users from the resulting form.
Use the -F
option with the -d
option to force deletion and to remove the
group from the protections table and from all groups.
Form Fields
Field Name | Type | Description |
---|---|---|
|
Read-only |
The name of the group, as entered on the command line. |
|
Writable |
The maximum number of results that members of this group can access
from the service from a single command. The default value is
|
|
Writable |
The maximum number of rows that members of this group can scan from
the service from a single command. The default value is |
|
Writable |
The maximum length of time (in milliseconds) that any one operation
can lock any database table when scanning data. The default value is
|
|
Writable |
The maximum number of files that a member of a group can open using a single command. See Usage Notes for more details. |
|
Writable |
The duration (in seconds) of the validity of a session ticket created
by |
|
Writable |
The length of time (in seconds) for which passwords for users in this
group remain valid. To disable password aging, use a value of
|
|
Writable |
The LDAP configuration to use when populating the group’s user list from an LDAP query. For more information, see |
|
Writable |
The LDAP query used to identify the members of the group. For more information, see |
|
Writable |
The LDAP attribute that represents the user’s username. For more information, see |
|
Writable, multi-line |
Names of other Perforce groups. To add all users in a previously defined group to the group you’re
presently working with, include the group name in the Every member of any previously defined group you list in the
|
|
Writable, multi-line |
Names of other Perforce users. Group owners without Group owners are not necessarily members of a group; if a group owner is
to be a member of the group, the userid must also be added to the
The specified owner does not have to be a Perforce user. You might want to use an arbitrary name if the user does not yet exist, or if you have deleted the user and need a placeholder until you can assign the spec to a new user. |
|
Writable, multi-line |
The Perforce usernames of the group members. Each user name must be typed on its own line, and should be indented. |
Options
|
Allow a (non-superuser) group owner to administer the group. The user
must be listed in the |
|
Allow a user with |
|
Delete group groupname. The members of the group are affected only
if their access level or |
|
Used only with the |
|
Read the form from standard input without invoking the user’s editor. The new group specification replaces the previous one. |
|
Write the form to standard output without invoking the user’s editor. |
|
See “Global Options”. |
Usage Notes
Can File Arguments Use Revision Specifier? | Can File Arguments Use Revision Range? | Minimal Access Level Required |
---|---|---|
N/A |
N/A |
|
- Referring to a (nonexistent) user in a group definition does not
create the user, nor does it consume a license; use the
p4 user
command to create users. - Ticket
Timeout
andPasswordTimeout
values for users who belong to multiple groups are calculated the same way asmaxresults
values: the largesttimeout
value for all the groups of which the user is a member (includingunlimited
, but ignoringunset
). Users in no groups have the default ticketTimeout
value of43200
andPasswordTimeout
value ofunset
. To create a ticket that does not expire, set theTimeout
tounlimited
. - If you are using the
PasswordTimeout:
field to implement password aging, a 30-day timeout is 2,592,000 seconds. -
As the number of files in the depot grows, certain commands can significantly slow down the service if called with no parameters, or if called with non-restrictive arguments. For example, p4 print //depot/... will print the contents of every file in the depot on the user’s screen, and p4 filelog //depot/... will attempt to retrieve data on every file in the depot at every revision.
The Perforce superuser can limit the amount of data that Perforce returns to the user by setting the
MaxResults
value for groups of users. The superuser can also limit the amount of data scanned (whether returned to the user or not) by setting theMaxScanRows
value, and the length of time any database table can be locked in by any single operation by setting theMaxLockTime
value. Equally, theMaxOpenFiles
field can be set to specify the maximum number of files that a group member can open at any given time.If any of the
MaxResults
,MaxScanRows
,MaxLockTime
, orMaxOpenFiles
limits are violated, the request fails and the user is asked to limit his query.If a user belongs to multiple groups, the service computes her
MaxResults
value to be the maximum of theMaxResults
for all the groups of which the user is a member (removing the limit if it encounters a setting ofunlimited
, but ignoring any settings still at the default value ofunset
). If a particular user is not in any groups, herMaxResults
value isunset
. (The user’sMaxScanRows
,MaxLockTime
, andMaxOpenFiles
limits are computed in the same way.)The speed of most hardware should make it unnecessary to ever set a
MaxResults
value below 10,000, aMaxScanRows
value below 50,000, or aMaxLockTime
value below 1,000.A user can also set these limits by specifying them on a per-command basis for some commands. Values set for individual commands, override values set using p4 group. To disable overriding p4 group settings, set
server.commandlimits=2.
- To unload a workspace or label, a user must be able to scan all the
files in the workspace’s have list and/or files tagged by the label.
Administrators should set
MaxScanRows
andMaxResults
high enough that users will not need to ask for assistance withp4 unload
orp4 reload
operations. - To display a group’s
maxresults
,maxscanrows
,maxlocktime
,MaxOpenFiles
andtimeout
limits, usep4 groups -v groupname
. - Use
p4 help maxresults
to obtain the list of commands that are affected by any of the four limiting values.