[p4] Closing down permissions on all a depot metadata
Thierry Michalowski
Thierry.Michalowski at echotech.ch
Thu May 18 00:24:59 PDT 2006
Hello,
I would like to remove permissions on a depot in such a way that, without
explicitly granted access, no user would be able to access any files
**nor any metadata** on this depot.
I have a group called p4users which actually only lists all other groups
as subgroups, thus making sure it contains all users.
The first lines of p4 protect are:
list user remote * -//...
list group p4users * -//...
The server security level is set to 2.
Now, if I log in as a non-privileged user, issuing "p4 depots", she will
not see a depot for which she has not been granted permissions by a
subsequent p4 protect entry. This is fine.
Unfortunately, "p4 changes" will display all changelists along with
their descriptions to this user, even for changelists that contained
files in non-accessible depots. Granted, the files she doesn't have
access to will not be listed in "p4 describe", but the changelist's
description will still be readable: this information alone can
sometimes give too much :-)
I am thinking that the only way to provide some real metadata isolation
is to run multiple Perforce servers, possibly using P4AUTH?
What is your opinion on this setup? Did I miss something obvious?
Thanks a lot!
Thierry Michalowski