RepositoryGetProtectionTable Method

Return Value

Type: IListProtectionEntry

p4 help protect

protect -- Modify protections in the server namespace

p4 protect
p4 protect -o
p4 protect -i

'p4 protect' edits the protections table in a text form.

Each line in the table contains a protection mode, a group/user
indicator, the group/user name, client host ID and a depot file
path pattern. Users receive the highest privilege that is granted
on any line.

Note: remote depots are accessed using the pseudo-user 'remote'.
To control access from other servers that define your server as
a remote server, grant appropriate permissions to the 'remote' user.

Mode: The permission level or right being granted or denied.
Each permission level includes all the permissions above
it, except for 'review'. Each permission only includes
the specific right and no lesser rights. This approach
enables you to deny individual rights without having to
re-grant lesser rights. Modes prefixed by '=' are rights.
All other modes are permission levels.

Valid modes are:

list - users can see names but not contents of files;
users can see all non-file related metadata
(clients, users, changelists, jobs, etc.)

read - users can sync, diff, and print files

open - users can open files (add, edit. delete,
integrate)

write - users can submit open files

admin - permits those administrative commands and
command options that don't affect the server's
security.

super - access to all commands and command options.

review - permits access to the 'p4 review' command;
implies read access

=read - if this right is denied, users can't sync,
diff, or print files

=branch - if this right is denied, users are not
permitted to use files as a source
for 'p4 integrate'

=open = if this right is denied, users cannot open
files (add, edit, delete, integrate)

=write = if this right is denied, users cannot submit
open files

Group/User indicator: specifies the grantee is a group or user.

Name: A Perforce group or user name; can include wildcards.

Host: The IP address of a client host; can include wildcards.

The server can distinguish connections coming from a
proxy, broker, or replica. The server prepends the string
'proxy-' to the IP address of the true client of such
a connection when the server enforces the protections.

Specify the 'proxy-' prefix for the IP address in the
Host: field in the protections table to indicate the
protections that should thus apply.

For example, 'proxy-*' applies to all connections from
all proxies, brokers, and replicas, while
'proxy-10.0.0.5' identifies a client machine with an IP
address of 10.0.0.5 which is connecting to p4d through
a proxy, broker, or replica.

If you wish to write a single set of protections entries
which apply both to directly-connected clients as well
as to those which connect via a proxy, broker, or
replica, you can omit the 'proxy-' prefix and also set
dm.proxy.protects=0. In this case, the 'proxy-' prefix
is not prepended to the IP address of connections which
are made via a proxy, replica or broker. Note that in
this scenario, all intermediate proxies, brokers, and
replicas should be at release 2012.1 or higher.

Path: The part of the depot to which access is being granted
or denied. To deny access to a depot path, preface the
path with a "-" character. These exclusionary mappings
apply to all access levels, even if only one access
level is specified in the first field.

The -o flag writes the protection table to the standard output.
The user's editor is not invoked.

The -i flag reads the protection table from the standard input.
The user's editor is not invoked.

After protections are defined, 'p4 protect' requires 'super'
access.

To get the protections table: