There are three types of
operator users, and
standarduser is a traditional user of Helix server.
Standard users are the default, and each standard user consumes one Helix server license.
operatoruser is intended for human or automated system administrators.
operatoruser does not require a Helix server license.
serviceuser is used for server-to-server authentication in the context of remote depots and multi-server environments. See Remote depots and multi-server development.
Service users do not require licenses, but are restricted to automated inter-server communication processes in replicated and multi-server environments.
The following sections describe these types and how they need to be managed.
Once you set the user type, you cannot change it.
creates a new user record in its database whenever a command is issued by
a user who does not exist.
superusers can also use the
-f (force) flag to create a new
user as follows:
$ p4 user -f username
Fill in the form fields with the information for the user you want to create.
p4 user command also has an option
-i) to take its input from the standard input instead of
the forms editor. To quickly create a large number of users, write a
script that reads user data, generates output in the format used by the
p4 user form, and then pipes each generated form to
p4 user -i -f.
service user for each
service you install can simplify the task of interpreting your server
logs, and also improve security by requiring that any remote
services with which yours is configured to communicate have valid login
tickets for your installation. Service users do not consume
A service user can run the following commands:
|p4 dbschema||p4 export||p4 info|
|p4 login||p4 logout||p4 logparse|
|p4 logschema||p4 logstat||p4 logtail|
|p4 passwd||p4 servers||p4 user|
Although a service user cannot run p4 pull directly on the command line, the service user on a replica automatically runs this command to retrieve metadata and archive content (versioned files) from the master.
To create a service user, run the command:
$ p4 user -f service1
The standard user form is displayed. Enter a new line to set the new
Type: to be
User: service1 Email: [email protected] FullName: Service User for remote depots Type: service
By default, the output of
p4 users omits service
users. To include service users, run
p4 users -a.
Tickets and timeouts for service users
A newly-created service user that is not a member of any groups is
subject to the default ticket timeout of 12 hours. To avoid issues that
arise when a service user’s ticket ceases to be valid, create a group for
your service users that features an extremely long timeout, or set the
unlimited. On the master server, issue the
$ p4 group service_users
service1 to the list of
Users: in the
group, and set the
PasswordTimeout: values to a large value or to
Group: service_users Timeout: unlimited PasswordTimeout: unlimited Subgroups: Owners: Users: service1
Permissions for service users
On your server, use
p4 protect to grant the service
super permission. Service users are tightly restricted
in the commands they can run, so granting them
permission is safe. If you are only using the service user for remote
depots and code drops, you may further reduce this user’s permissions as
described in Restricting access to remote depots.
Organizations whose system administrators do not use
versioning capabilities might be able to economize on licensing costs by
operator user type.
operator user type is intended for system
administrators who, even though they have
admin privileges, are responsible for the maintenance of the
Helix Core server, rather than
the development of software or other assets on the server.
operator user does not require a
license, and can run only the following commands:
p4 pull (including -lj)