p4 grant-permission (graph)

Assign the specified permission for the specified depot of type graph (or a repo in that depot) to the specified user or group.

Syntax conventions

p4 [g-opts] grant-permission -d graphDepot1 -g group [-r ref] -p permission
p4 [g-opts] grant-permission -d graphDepot1 -u user [-r ref] -p permission
p4 [g-opts] grant-permission -n //graphDepot1/reponame -g group [-r ref] -p permission
p4 [g-opts] grant-permission -n //graphDepot1/reponame -u user [-r ref] -p permission  
p4 [g-opts] grant-permission -n //graphDepot1/reponame -g group -r ref -p restricted-ref                                                
p4 [g-opts] grant-permission -n //graphDepot1/reponame -u user -r ref -p restricted-ref

Description

The user who creates a depot is the owner of that depot and always has full admin rights to the depot. An admin user can grant permissions, including the admin permission, to groups and users of the depot or a repo it contains.

This command does not verify the existence of the specified user or group. Nor does this command verify the existence of the specified reference to a branch or tag. Therefore, you can use those options before or after creating the user, group, or reference to a branch or tag.

Permissions are additive. For example, you can give a user the create-repo permission, and later also give that user the delete-repo permission. After you have granted a permission, you can remove that permission with p4 revoke-permission.

Options

-d	Applies to the depot and its repos. Note The Helix Server superuser can specify -d * to grant the permission for all repos in all graph depots.
-n	Applies to the repo with the specified name.
-g	Applies to the specified group.
-u	Applies to the specified user.
-r	Optional for the create-ref, delete-ref, and write-ref permissions to specify the ref, a reference that corresponds to a repository’s branch, such as refs/heads/release, or a tag, which might represent a release number, such as refs/heads/rel-2.1.14. See https://git-scm.com/book/en/v2/Git-Internals-Git-References. Required for the restricted-ref permission.
-p	Applies the specified permission.
g-opts	See Global options.

Permissions

When you grant a permission to a user or group, that user or group receives:

• the specified permission
• any permissions that are implied (implicitly included) with the explicit permission

The implied permissions associated with each assigned permission:

Assigned Permission	Implied Permission
	admin	force-push	delete-ref	create-ref	delete-repo	create-repo	write-all	write-ref	read
admin
force-push
delete-ref
create-ref
delete-repo
create-repo
write-all
write-ref
read

The capability associated with each permission:

admin	Grant and revoke permissions for the repo or depot specified. Note This is different from the admin of p4 protect. A user who is super through p4 protect automatically has this admin capability. The owner of the repo or graph depot automatically has admin capability for that repo or graph depot.
force-push	Force an overwrite to the branch.
delete-ref	Delete the repository’s branch or tag specified by -rref.
create-ref	Create and set the initial value of -rref for the specified repository’s branch or tag. Note Does not include the write-ref permission.
delete-repo	Delete a repo in the specified depot of type graph.
create-repo	Allows a user to create a new repo on the graph depot through the git push command. For details, see Helix4Git Administrator Guide, which explains how to create and view repos.
write-all	Read and update files and references of the branch or tag specified by -rref. This permission allows a user to clone, pull, and push a repo that already exists in the graph depot. Does not include the create-repo permission. Note Modified files are not checked against the protection table nor for Git LFS locks.
write-ref	Read and update the repository’s branch or tag specified by -rref. Note Modified files are checked against the protection table and for Git LFS locks. This is the sole permission that applies the protection setting in the protections table for a file or directory. See p4 protect and "Authorizing access" in Helix Core Server Administrator Guide.
read	Read the files in the specified depot or repo. This allows the user to clone and pull from the repo. Note This is different from the read permission of p4 protect.

The following permission is exclusive and has no implied permissions:

restricted-ref

The specified user or group can update the ref, (branch or tag) specified by the -r option. If set, only users with this permission can perform an update. This prevents other users with write-ref or write-all from updating the specified reference. (See the final example.)

Examples

To assign the read permission for the specified depot of type graph (and its repos) to the specified user:

p4 grant-permission -p read -d graphDepot1 -u bruno

To limit the assignment to a specific repo within a specific graph depot:

p4 grant-permission -n //graphDepot1/repo8 -u bruno -p read

To limit a reference-related assignment (write-ref, write-all, create-ref, delete-ref, force-push) to a specific branch or tag:

p4 grant-permission -n //graphDepot1/repo8 -r "refs/heads/rel-2.1.14" -u bruno -p create-ref

To make the reference-related assignment apply to more than one branch or tag, use the asterisk (*) wildcard:

p4 grant-permission -n //graphDepot1/repo8 -r "refs/heads/rel-*" -u bruno -p delete-ref

To restrict a particular branch to a specified user or group, such as to restrict the master branch to the devops team:

p4 grant-permission -n //repo/test -g devops -p restricted-ref -r refs/heads/master

Usage Notes

Can File Arguments Use Revision Specifier?	Can File Arguments Use Revision Range?	Minimal Access Level Required
N/A	N/A	super, or admin of the repo or graph depot see p4 grant-permission (graph)

Related Commands

To list the permissions currently granted	p4 show-permission
To remove a permission	p4 revoke-permission