p4 grant-permission (graph)

Assign the specified permission for the specified depot of type graph (or a repo in that depot) to the specified user or group.

Note

For depots of type graph only.

Syntax

p4 [g-opts] grant-permission -d graphDepot1 -g group [-r ref] -p permission
p4 [g-opts] grant-permission -d graphDepot1 -u user [-r ref] -p permission
p4 [g-opts] grant-permission -n //graphDepot1/reponame -g group [-r ref] -p permission
p4 [g-opts] grant-permission -n //graphDepot1/reponame -u user [-r ref] -p permission  
p4 [g-opts] grant-permission -n //graphDepot1/reponame -g group -r ref -p restricted-ref                                                
p4 [g-opts] grant-permission -n //graphDepot1/reponame -u user -r ref -p restricted-ref

Description

Note

An administrator is the owner, or a user that has been granted the admin permission for that specific graph depot or repo.

The user who creates a depot is the owner of that depot and always has full admin rights to the depot. An admin user can grant permissions, including the admin permission, to groups and users of the depot or a repo it contains.

This command does not verify the existence of the specified user or group. Nor does this command verify the existence of the specified reference to a branch or tag. Therefore, you can use those options before or after creating the user, group, or reference to a branch or tag.

Permissions are additive. For example, you can give a user the create-repo permission, and later also give that user the delete-repo permission. After you have granted a permission, you can remove that permission with p4 revoke-permission.

Note

Certain permissions imply multiple permissions. Any such permissions are included automatically and cannot be revoked unless the permission that contains them is revoked. See Permissions.

Options

-d

Applies to the depot and its repos.

Note

The Helix Server superuser can specify -d * to grant the permission for all repos in all graph depots.

-n

Applies to the repo with the specified name.

-g

Applies to the specified group.

-u

Applies to the specified user.

-r

Optional for the create-ref, delete-ref, and write-ref permissions to specify the ref, a reference that corresponds to a repository’s branch, such as refs/heads/release, or a tag, which might represent a release number, such as refs/heads/rel-2.1.14. See https://git-scm.com/book/en/v2/Git-Internals-Git-References.

Required for the restricted-ref permission.

-p

Applies the specified permission.

g-opts

See Global options.

Permissions

When you grant a permission to a user or group, that user or group receives:

  • the specified permission
  • any permissions that are implied (implicitly included) with the explicit permission

The implied permissions associated with each assigned permission:

Assigned Permission

 Implied Permission
  admin force-push delete-ref create-ref delete-repo create-repo write-all write-ref read
admin                  
force-push                  
delete-ref                  
create-ref                  
delete-repo                  
create-repo                  
write-all                  
write-ref                  
read                  

The capability associated with each permission:

admin

Grant and revoke permissions for the repo or depot specified.

force-push

Force an overwrite to the branch.

delete-ref

Delete the repository’s branch or tag specified by -rref.

create-ref

Create and set the initial value of -rref for the specified repository’s branch or tag.

delete-repo

Delete a repo in the specified depot of type graph.

create-repo

Allows a user to create a new repo on the graph depot through the git push command. For details, see Helix4Git Administrator Guide, which explains how to create and view repos.

write-all

Read and update files and references of the branch or tag specified by -rref. This permission allows a user to clone, pull, and push a repo that already exists in the graph depot. Does not include the create-repo permission.

write-ref

Read and update the repository’s branch or tag specified by -rref. This is the sole permission that applies the protection setting in the protections table for a file or directory. See p4 protect and "Authorizing access" in Helix Core Server Administrator Guide: Fundamentals.

read

Read the files in the specified depot or repo. This allows the user to clone and pull from the repo.

The following permission is exclusive and has no implied permissions:

restricted-ref

The specified user or group can update the ref, (branch or tag) specified by the -r option. If set, only users with this permission can perform an update. This prevents other users with write-ref or write-all from updating the specified reference. (See the final example.)

Examples

To assign the read permission for the specified depot of type graph (and its repos) to the specified user:

p4 grant-permission -p read -d graphDepot1 -u bruno

To limit the assignment to a specific repo within a specific graph depot:

p4 grant-permission -n //graphDepot1/repo8 -u bruno -p read

To limit a reference-related assignment (write-ref, write-all, create-ref, delete-ref, force-push) to a specific branch or tag:

p4 grant-permission -n //graphDepot1/repo8 -r "refs/heads/rel-2.1.14" -u bruno -p create-ref

To make the reference-related assignment apply to more than one branch or tag, use the asterisk (*) wildcard:

p4 grant-permission -n //graphDepot1/repo8 -r "refs/heads/rel-*" -u bruno -p delete-ref

To restrict a particular branch to a specified user or group, such as to restrict the master branch to the devops team:

p4 grant-permission -n //repo/test -g devops -p restricted-ref -r refs/heads/master

Related Commands

To list the permissions currently granted

p4 show-permission

To remove a permission

p4 revoke-permission

Additional product documentation
Perforce training portal
Perforce video library
Perforce knowledge base
Perforce customer support
Email us at: manual@perforce.com