Reputation: 139
Is it possible to set permissions in Perforce such that a user cannot integrate into a certain area of the depot?
In a perforce depot I have an area containing stable branches, and an area containing unstable branches. I want to control a users ability to create new branches (using p4 integrate) within the stable area. So for example my depot is laid out like so:
//depot
/stable
stable_branch_1/...
stable_branch_2/...
... (I want users to be stopped from integrating to here)
/unstable
unstable_branch_1/...
unstable_branch_2/...
... (I want users to be able to integrate to here)
I'm aware that in the p4 permissions I can set something like:
=branch user * * -//depot/stable/...
(c.f.) but this is the exact opposite of what I need (i.e. bans users from using stable as a source for integrations, rather than a target).
I'm very surprised that it doesn't seem possible to do what I want without resorting to using triggers, can anyone provide any suggestions?
Edit: Just to make clear I wan't users to continue to be able to write to the stable folder, I just want to prevent an integrate operation being performed with the stable folder as a target.
Upvotes: 2
Views: 3233
Answers (3)
Reputation: 18135
Adding this to your protections table will prevent the user from integrating into //depot/stable while still allowing them to integrate from it:
=write user * * -//depot/stable/...
Remember, order is important. Perforce applies the permissions in the order that they are listed. This...
=write user * * -//depot/stable/... write user * * //...
...is no different than this:
write user * * //...
Also, Perforce throws a rather unintuitive error when a denied user attempts to integrate into the forbidden area. Instead of saying something sensible like, "You do not have permission to write to this folder", it pops up this nonsense:
alt text http://img410.imageshack.us/img410/4579/p4deniedintegration.png
Upvotes: 2
Reputation:
Ok,
combining the collective wisdom here and from our Perforce admin, I'd suggest the following:
write user * * -//depot/stable/...
write user * * //depot/stable/existing/branchA
write user * * //depot/stable/existing/branchB
i.e. take away write-rights from the stable-depot and then re-grant it again. Also, it is important to note the difference between =write and write. The first one grants exactly write-rights (and nothing else, no read, no sync, no nothing), the latter one grants write-rights and all lower level rights (e.g. read, sync).
Upvotes: 3
Reputation: 11213
If you set explicit permissions on each subbranch in your stable area you should be able to give users full access to existing branches/projects you have created, but they will be unable to create new brances/projects
eg. In your permissions file (I dont know the syntax and dont have perforce on this machine)
# Do not give any permissions for //depot/stable
write user_group * * //depot/stable/stable_Branch_1/...
write user_group * * //depot/stable/stable_Branch_2/...
write user_group * * //depot/stable/stable_Branch_3/...
etc
Your users should now not be able to create any new branches/projects/folders at the //depot/stable/... level but have full permissions above. You cant prevent them from integrating into the existing branches though. That I'm afraid involves user education!
Upvotes: 1
Related Questions
- How to protect Helix Perforce/p4 to not allow create new users?
- Revoke user permission in perforce
- Perforce group privileges
- Configure Perforce to require passwords for admin users?
- Perforce permissions for creating stream depots?
- How to do both ways integrations across different Perforce depots?
- Only allow integration into a branch in perforce
- Can user have private area on Perforce?
- How to prevent developers from deleting perforce depot?
- How to prevent people from editing other's workspace options in Perforce?