[p4] p4 protect table management by non-super users?

Weintraub, David david.weintraub at bofasecurities.com
Mon Jul 10 07:10:27 PDT 2006


The protection table can only be edited by super users, and there really
isn't a way around this. For example, how would you allow such a feature
to be implemented? Each depot having its own protection table? What if I
keep everything in one depot, but some subdirectory of that depot has
differing permissions? What if this sub-directory is found in different
levels of my depot tree?

However, you can get around this limitation by creating your own trigger
to do something similar to the protection table. I haven't done this
with Perforce, but I have done this with other Version Control Systems
such as ClearCase and Subversion.

I have a master file that I control. It tells me which manager can set
permissions for which part of the source tree. Then, each manager has
their own file which tells me the permissions on their little piece of
the sub-tree. If I have 10 managers, I have 11 files. One for me telling
me which manager and which part of the source tree they control, and one
for each of the managers.

When a manager changes their permission file, I have a trigger that goes
through it and verifies that they are only permissioning their part of
the source directory tree. If they are referring to an area outside of
their tree, I reject the submission.

When a user submits a file, I go through all of the manager files, and
verify that some manager somewhere gave this user permission to submit
the file. If not, I reject that submission.

This only works for submissions, so you can't prevent the user from
reading a file with this system (like you can with the permission
tables), only prohibit a user from making changes. Also, you have to
verify what happens if a manager gets a change in the source subtree
they control. I didn't do that in my original script, and that caused
some minor issues when I did change which manager was responsible for
which particular subtree.


-----Original Message-----
From: perforce-user-bounces at perforce.com
[mailto:perforce-user-bounces at perforce.com] On Behalf Of Sheizaf, Yariv
Sent: Monday, July 10, 2006 9:15 AM
To: perforce-user at perforce.com
Subject: [p4] p4 protect table management by non-super users?

Hi,

Is there any way to let people who are not super users manage "p4
protect" table to their groups (for example, define a "depot super user"
that has permissions to modify content of "p4 protect" table - only to
the given depot)?

If somebody wrote such a tool or has a procedure, please let me know.

Regards,

Yariv Sheizaf
bmc software
Identity Management BU
Configuration Manager
Office:  +972-3-6451-281

_______________________________________________
perforce-user mailing list  -  perforce-user at perforce.com
http://maillist.perforce.com/mailman/listinfo/perforce-user
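
An added sketch of the two checks described in the reply above (not code from either poster and not a Perforce API): validating a manager's permission file against the master file, and checking a user's submitted files against all manager files. The file formats, names and sample data are assumptions constructed for illustration; a real trigger would supply the user and file list. The submit check re-tests each grant against the manager's current subtree, so a grant left over from a reassigned subtree is ignored.

```python
# Constructed sample data; the formats are assumptions, not Perforce's.
MASTER = {  # manager -> subtree that manager may hand out permissions for
    "alice": "//depot/web/",
    "bob": "//depot/tools/build/",
}
MANAGER_FILES = {  # manager -> (user, path prefix) submit grants
    "alice": [("carol", "//depot/web/css/"), ("dave", "//depot/web/")],
    "bob": [("carol", "//depot/tools/build/scripts/")],
}


def within(path, subtree):
    """True if path lies inside subtree, compared on whole path components."""
    if ".." in path.split("/"):
        return False  # refuse parent-directory components outright
    root = subtree.rstrip("/") + "/"
    # The trailing slash stops //depot/web from matching //depot/website.
    return (path.rstrip("/") + "/").startswith(root)


def out_of_scope(manager, grants, master):
    """Grants in a manager's file that fall outside their assigned subtree.

    A non-empty result means the permission-file submission is rejected.
    """
    subtree = master.get(manager)
    return [g for g in grants if subtree is None or not within(g[1], subtree)]


def denied_files(user, files, master, manager_files):
    """Files in a submission that no manager has validly granted to user.

    A grant counts only if it still lies inside the granting manager's
    current subtree, which covers the case where the master file changed
    after the manager file was last validated.
    """
    denied = []
    for f in files:
        allowed = any(
            u == user and within(prefix, master[m]) and within(f, prefix)
            for m, grants in manager_files.items() if m in master
            for u, prefix in grants
        )
        if not allowed:
            denied.append(f)
    return denied
```

As the reply notes, this governs submissions only; read access still has to come from the protection table.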


