Managing Permissions

For details about how permissions work within Perforce, see the Perforce System Administrator's Guide.

View Permissions

To display the files and folders to which a user has access, click the desired user on the Users tab.

To display the files and folders to which users in a group have access, click the desired group on the Groups tab.

To display the groups and users that have access to a file or folder, click the file or folder in the Depot Tree tab.

To see which lines of the protections table control access to a user, group, or area of the depot, click the user, group or folder of interest. The corresponding line in the protections table is highlighted. (If a user or group is neither granted nor denied access to a path by means of any entries in the protections table, the depot path displays "no access" and the "granted to" field is blank.)

To filter out lines in the right-hand pane, use the Access Level sliders to set the lowest and highest levels. The areas of the depot associated with the highlighted range of access values are displayed.

To see only those permissions that apply to a user's workstation, enter the IP address of the workstation in the Host IP filter field. For example, permissions lines with a host value of 192.168.*.* and 192.168.1.* both apply to a workstation at

To show files in the Depot Tree, click Show files.


Virtual streams do not appear in the Depot Tree on the Permissions tab. Virtual streams map their parent's paths, and permissions for virtual streams are therefore always set for the parent's paths.

Edit the Protections Table

The protections table is displayed in the bottom pane of the screen. It is a representation of the table used by the p4 protect command, with exclusionary lines shown in red.

To edit the protections table, use the built-in editor or click to edit the protections table as text.

To deny access to a specific portion of the depot to a user or group, use an exclusionary mapping: place a dash (-) in front of the path in the Folder/File field. Exclusionary mappings apply to all access levels, even though only one access level can be selected in the Access Level field.

The following table describes the fields in the protections table.

Access Level

The permission being granted. Each permission level includes all lower-level permissions, except forreview.

  • super- access to all commands and command options

  • admin- permits those administrative commands and command options that don't affect server security

  • write- users can submit open files

  • open- users can open files for add, edit, delete, and integrate

  • read- users can sync, diff, and print files

  • list- users can see names but not contents of files; users can see all non-file related metadata (workspaces, users, changelists, jobs, etc.

  • review- allows access to the p4 review command; intended for automated processes, implies read access.

User/Group Indicates whether this line applies to a Perforce user or group.
Name A Perforce user name or group name; can be wildcarded.
Host The IP address of a client host; can be wildcarded.
Folder/File The part of the depot to which access is being granted or denied. To deny access to a depot path, preface the path with a dash (-). Exclusionary mappings apply to all access levels, regardless of the access level specified in the first field.
Comment Optional description of table entry.