P4Admin User Guide (2019.2)

Managing permissions

For details about how permissions work within Helix server, see the Helix Core Server Administrator Guide: Fundamentals.

View permissions

To display the files and folders to which a user has access, click the desired user on the Users tab.

To display the files and folders to which users in a group have access, click the desired group on the Groups tab.

To display the groups and users that have access to a file or folder, click the file or folder on the Depot Tree tab.

To see which lines of the protections table control access to a user, group, or area of the depot, click the user, group or folder of interest. The corresponding line in the protections table is highlighted. (If a user or group is neither granted nor denied access to a path by means of any entries in the protections table, the depot path displays "no access" and the "granted to" field is blank.)

To filter out lines in the right-hand pane, use the Access Level sliders to set the lowest and highest levels. The areas of the depot associated with the highlighted range of access values are displayed.

To see only those permissions that apply to a user’s workstation, enter the IP address of the workstation in the Host IP filter field. For example, permissions lines with a host value of 92.168.*.* and 192.168.1.* both apply to a workstation at 192.168.1.10.

To show files in the Depot Tree, click Show files.

Note

Virtual streams do not appear in the Depot Tree on the Permissions tab. Virtual streams map their parent’s paths, and permissions for virtual streams are therefore always set for the parent’s paths.

Edit the protections table

The protections table is displayed in the bottom pane of the screen. It is a representation of the table used by the p4 protect command, with exclusionary lines shown in red. For more information on the p4 protect command, see p4 protect in the Helix Core P4 Command Reference.

To edit the protections table, use the built-in editor or click p4v admin table icon to edit the protections table as text.

To deny access to a specific portion of the depot to a user or group, use an exclusionary mapping: place a dash (-) in front of the path in the Folder/File field. Exclusionary mappings apply to all access levels, even though only one access level can be selected in the Access Level field.

The following table describes the fields in the protections table.

Access Level

The permission being granted. Each permission level includes all lower-level permissions, except for review.

  • super: Grants access all commands and command options
  • admin: Permits those administrative commands and command options that don’t affect server security
  • write: Lets users submit open files
  • open: Lets users open files for add, edit, delete, and integrate
  • read: Lets users sync, diff, and print files
  • list: Lets users see names but not contents of files; users can see all non-file related metadata (workspaces, users, changelists, jobs, etc.
  • review: Allows access to the p4 review command. This leve is intended for automated processes. It implies read access.
  • ##: Adds a comment line to the protections table. For example:

    ## robinson crusoe
    write user * 10.1.1.1 //depot/test/...

User/Group

Indicates whether this line applies to a Perforce user or group.

Name

A Helix server user name or group name; can be wildcarded.

Host

The IP address of a client host; can be wildcarded.

Folder/File

The part of the depot to which access is being granted or denied. To deny access to a depot path, preface the path with a dash (-). Exclusionary mappings apply to all access levels, regardless of the access level specified in the first field.

Comment

Optional description of a table entry. Appends a comment at the end of a line using the ## symbols. For example: write user * 10.1.1.1 //depot/test/... ## robinson crusoe