Helix Core Server Administrator Guide: Multi-Site Deployment (2019.2)

Service users

There are three types of Helix server users: standard users, operator users, and service users.

  • A standard user is a traditional user of Helix server
  • an operator user is intended for human or automated system administrators
  • a service user is for server-to-server authentication as part of the replication process.
    Service users are:
    • useful for remote depots in single-server environments
    • required for multi-server and distributed environments
    • do not consume Helix server licenses

Create a service user for each master, replica, or proxy server that you control. This makes it easier to interpret your server logs. Having service users improves security, by requiring that your edge servers and other replicas have valid login tickets before they can communicate with the master or commit server.

Tickets and timeouts for service users

A newly-created service user that is not a member of any groups is subject to the default ticket timeout of 12 hours. To avoid issues that arise when a service user’s ticket ceases to be valid, create a group for your service users that features an extremely long timeout, or to unlimited. On the master server, issue the following command:

p4 group service_users

Add service1 to the list of Users: in the group, and set the Timeout: and PasswordTimeout: values to a large value or to unlimited.

Group:            service_users
Timeout:          unlimited
PasswordTimeout:  unlimited

Service users must have a ticket created with the p4 login for replication to work.

Permissions for service users

On the master server, use p4 protect to grant the service user super permission. Service users are tightly restricted in the commands they can run, so granting them super permission is safe. For example:

super group unlimited_timeout * //..."

grants the super permission to the group named unlimited_timeout.