Perforce 2000.2 Command Reference (2000.2.cr.1)
<< Previous Chapter
p4 print
Table of Contents
Index
Perforce on the Web
Next Chapter >>
p4 rename

p4 protect


Synopsis

Control users' access to files, directories, and commands

Syntax

p4 [g-opts] protect
p4 [g-opts] protect -o
p4 [g-opts] protect -i

Description

Use p4 protect to control Perforce permissions. You can use p4 protect to:

Perforce provides six levels of access. The access levels are:

Access Level
What the User Can Do

list

The user can access all the Perforce metadata, but has no access to file contents. The user can run all the commands that describe Perforce objects, such as p4 files, p4 client, p4 job, p4 describe, p4 branch, etc.

read

The user can do everything permitted with list access, and also run any command that involves reading file data, including p4 print, p4 diff, p4 sync, and so on.

open

This gives the user permission to do everything she can do with read access, and gives her permission to p4 add, p4 edit, and p4 delete files. However, the user is not allowed to lock files or submit files to the depot.

write

The user can do all of the above, and can also write files with p4 submit and lock them with p4 lock.

review

This permission is meant for external programs that access Perforce. It gives the external programs permission to do anything that list and read can do, and grants permission to run p4 review and p4 counter. It does not include open or write access.

super

Includes all of the above, plus access to the superuser commands such as p4 verify, p4 obliterate, p4 jobspec, etc.

Form Fields

When you run p4 protect , Perforce displays a form with a single field, Protections:. Each permission is specified in its own indented line under the Protections: header. Each line has five values; these values are:

Column
Description

Access Level

One of the access levels list, read, open, write, review, or super, as defined above.

User or Group

Does this protection apply to a user or a group?

The value of this field must be user or group.

Group Name or User Name

The name of the user or the name of the group, as defined by p4 group.

To grant this permission to all users, use the * wildcard.

Host

The IP address. Use the * wildcard to refer to all IP addresses.

Depot File Path

The depot file path this permission is granted on, in Perforce depot syntax. The file specification can contain Perforce wildcards.

To exclude this mapping from the permission set, use a dash (-) as the first character of this value.

When exclusionary mappings are not used, a user will be granted the highest permission level listed in the union of all the mappings that match the user, the user's IP address, and the files the user is trying to access. In this case, the order of the mappings is irrelevant.

When exclusionary mappings are used, order is relevant: the exclusionary mapping override any matching protections listed above it in the table. No matter which access level is being denied in the exclusionary protection, all the access levels for the matching users, files, and IP addresses are denied.

Options

-i

Read the form from standard input without invoking an editor

-o

Write the form to standard output without invoking an editor

g_opts

See the Global Options section.

Usage Notes

Can File Arguments Use
Revision Specifier?

Can File Arguments Use
Revision Range?

Minimal Access Level Required

No

No

super

a This command doesn't operate on specific files. Thus, permission is granted to run the command if the user has the specified access to at least one file in the depot.
b The -o flag to this command, which allows the form to be read but not edited, requires only list access.
c list access is required to view an existing counter's value; review access is required to change a counter's value or create a new counter.
d To run p4 integrate, the user needs open access on the target files and read access on the donor files.

Examples

Suppose that user joe is a member of groups devgroup and buggroup, as set by p4 group, and the protections table reads as follows:

super         user          bill        *               //...
write         group         devgroup       *               //depot/...
write         group         buggroup       *               -//depot/proj/...
write         user          joe         192.168.100.*   //...

Joe attempts a number of operations. His success or failure at each is described below:

From IP address...
Joe tries...
Results

10.14.10.1

p4 print //depot/misc/...

Succeeds. The second line grants Joe write access on these files; write access includes read access, and this protection isn't excluded by any subsequent lines.

10.14.10.1

p4 print //depot/proj/README

Fails. The third line removes all of Joe's permissions on any files in this directory. (If the second protection and the third protection had been switched, then the subsequent protection would have overridden this one, and Joe would have succeeded).

192.168.100.123

p4 print //depot/proj/README

Succeeds. Joe is sitting at an IP address from which he is granted this permission in the fourth line.

192.168.100.123

p4 verify //depot/misc/...

Fails. p4 verify requires super access; Joe doesn't have this access level no matter which IP address he's coming from.

Related Commands

To create or edit groups of users

p4 group

To list all user groups

p4 groups


Perforce 2000.2 Command Reference (2000.2.cr.1)
<< Previous Chapter
p4 print
Table of Contents
Index
Perforce on the Web
Next Chapter >>
p4 rename
Please send comments and questions about this manual to [email protected].
Copyright 1997, 2000 Perforce Software. All rights reserved.
Last updated: 12/21/00