May 3, 2016

2016.1 Protections Roundup

What's New

Following my Command Line Roundup article, we now have even more tip & tricks! In addition to the features we've added to improve the command line user experience, 2016.1 includes a few features specifically to help administrators manage the protections table.  Here are the release note entries you might have missed:


Recursive user/group deletion

      #1351675 (Bug #2620) **

          'p4 user -d' and 'p4 group -d' now feature a new '-F' flag.

          This flag removes the user or group members from groups, and

          also removes the user or group from the protection table when

          deleting the user or group. See 'p4 help user' and 'p4 help

          group' for details.


A fairly common task when deleting a user for good is tracking down references to them to make sure they're no longer granted any permissions.  The new -F flag on user deletion completely automates this.


Protection table comments

      #1230024 (Bug #979) **

          'p4 protect' now supports comments (## prefix) which can be

          either interlaced with protection entries or appended to them.

              ## prevent update to this area of the repo

              write user mike * -//depot/readonly/location/...

              write user * //depot/secret/location/... ## Jeff


Since protection tables can get fairly complicated, it's a longstanding request to be able to store comments as part of the protection spec, and a handful of client-side solutions have already sprung up to facilitate comment storage, e.g. by encoding them in depot paths within the protections.  As of 2016.1 comments are now stored natively by the server. 

Note that the new native comments may not interoperate with client-side solutions -- see the release notes for specific caveats and workarounds regarding P4Admin's comment functionality in particular.


Back in time permissions reporting

      #1218702 (Bug #80232) **

          New flag '-s spec' for 'p4 protects' allows the 'super' user to

          run the command using the contents of the file in the spec depot

          rather than the current protections table.  This allows for

          back-in-time browsing of protection spec changes.


Not necessarily something that comes up every day, but if you're ever wondering if a given user had access to a given depot path on a given day, now there's a one-shot command to figure that out!

These are only a few of the features new to the 2016.1 release -- see the release notes for more!