gerrit access rights old vs new

Bernard Talbert

Nov 27, 2011, 10:25:48 PM
to Repo and Gerrit Discussion
I've seen previous postings complaining how latest Gerrit release's access rights don't match the documentation ..

http://review.coreboot.org/Documentation/access-control.html

But I think I've figured out the new GUI. I just need someone to confirm for me that the following permissions you see when you click "Add Permission" are equivalent to the old categories described in the outdated documentation. In particular I'm not sure if I know what "Create Reference" does.

New                        Old
-------------------------------------------------------------
Label Verified           = Verified
Label Code-Review        = Code Review
Create Reference         = Push Branch +2
Forge Author Identity    = Forge Identity +1
Forge Committer Identity = Forge Identity +2
Forge Server Identity    = Forge Identity +3
Owner                    = Owner
Push                     = Push Branch +1
Push Merge Commit        = Push Branch +3
Push Annotated Tag       = Push Tag
Read                     = Read Access
Submit                   = Submit

Also after you add a permission (e.g. "Read") you will see a pulldown menu next to the entry with "ALLOW", "DENY", and "BLOCK" options. What is the difference between "DENY" and "BLOCK"? I'm assuming for Read, ALLOW is the same as "Read Access +1" so "DENY" for Read is the same as "Read Access -1" right? So what is "BLOCK"?


Edwin Kempin

Nov 28, 2011, 3:28:15 AM
to Bernard Talbert, Repo and Gerrit Discussion
Hi Bernard,

BLOCK means that this access right is denied and child projects can't overwrite this. BLOCK was introduced by change 22061 [1].
By configuring a BLOCK permission on the All-Projects you might globally prohibit certain access rights. Then even project owners can't reenable this access right by explicitly assigning ALLOW for it (which would be possible if it would just be a DENY on the All-Projects project).
E.g. we are using it to prevent deletion of tags in the central repositories.

Your table looks mostly good to me, but I think some mappings should be a bit different:
New                                    Old
-------------------------------------------------------------
Push + Force Push checkbox being set = Push Branch +3
Push Merge Commit                    = Read +3 Upload merges permission

Best regards,
Edwin

[1] https://gerrit-review.googlesource.com/22061

2011/11/28 Bernard Talbert <bernard...@gmail.com>
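
The DENY versus BLOCK behaviour described in the reply above, as an added example that is not part of the thread and is not Gerrit's own code. It is a simplified model that ignores groups, ref patterns and label ranges; the child project name `team/app` and the helper names are hypothetical.

```python
from enum import Enum


class Action(Enum):
    ALLOW = "allow"
    DENY = "deny"
    BLOCK = "block"


class Project:
    """A project with an optional parent, e.g. a child of All-Projects."""

    def __init__(self, name, parent=None, rules=None):
        self.name = name
        self.parent = parent
        self.rules = dict(rules or {})  # permission name -> Action

    def chain(self):
        """Yield this project first, then each ancestor up to the root."""
        project = self
        while project is not None:
            yield project
            project = project.parent


def is_allowed(project, permission):
    chain = list(project.chain())
    # A BLOCK anywhere in the inheritance chain wins and cannot be re-enabled.
    if any(p.rules.get(permission) is Action.BLOCK for p in chain):
        return False
    # Otherwise the nearest explicit rule wins, so a child's ALLOW
    # overrides a plain DENY inherited from the parent.
    for p in chain:
        action = p.rules.get(permission)
        if action is not None:
            return action is Action.ALLOW
    return False  # assumption of this model: no rule means no access


def demo():
    """Constructed scenario: the project owner re-adds ALLOW on the child."""
    results = {}
    for root_action in (Action.DENY, Action.BLOCK):
        root = Project("All-Projects", rules={"Push": root_action})
        child = Project("team/app", parent=root, rules={"Push": Action.ALLOW})
        sibling = Project("team/other", parent=root)  # no local rule
        results[root_action.value] = (is_allowed(child, "Push"),
                                      is_allowed(sibling, "Push"))
    return results
```

`demo()` returns the effective Push decision for the overriding child and for a sibling without local rules, once with DENY and once with BLOCK on All-Projects.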

Bernard Talbert

Nov 28, 2011, 1:36:03 PM
to Repo and Gerrit Discussion
Thanks!!

