how to set all reivewers not allow to cr2?

[陈翰林]

i settting many reviewers permission cr2 for different repos/branchs,is any way to set all the reviewers no cr2 permission by scripts or some config ?

thanks for your reply

[Yan]

You can simply create an account group and config the rights of this group in access once. Then use https://gerrit-review.googlesource.com/Documentation/cmd-set-members.html to add/remove members into/from this group.

[陈翰林]

it'snot ok,because i don't want all members have permission for all repo/branch,different people should control different repo

[Yan]

I never said all.... That's why you may need some special account groups, and then just add/remove members into/from those groups. Actually you can also use ldap groups.

[Sun King]

there is a function named Exclude in the access config page

[Matthias Sohn]

On Fri, Jan 7, 2022 at 8:13 AM '陈翰林' via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:

i settting many reviewers permission cr2 for different repos/branchs,is any way to set all the reviewers no cr2 permission by scripts or some config ?

thanks for your reply

Grant CR +2 only to project owners and create an owners group per repository.

We do something like this:

Standards enforced in All-Projects

In "All-Projects" we set restrictions which can't be overridden by project owners to enforce standard behavior.

E.g. we block:

• read access for anonymous users
• forging the committer and server identity to enforce that we know that only the committer of a change can push it

[project]

description = Permissions inherited by all other projects.

[access "refs/*"]

read = group Registered Users

read = block group Anonymous Users

forgeCommitter = block group Anonymous Users

forgeServerAsCommitter = block group Anonymous Users

viewDrafts = group Administrators

revert = group Registered Users

[access "refs/tags/*"]

exclusiveGroupPermissions = forgeCommitter

[access "refs/meta/config"]

label-Code-Review = -2..+2 group Administrators

label-Verified = -1..+1 group Administrators

submit = group Administrators

create = group Administrators

create = group Project Owners

[access "refs/notes/review"]

push = block group Anonymous Users

[access "refs/meta/*"]

push = group Administrators

[label "Verified"]

function = MaxWithBlock

value = -1 Fails

value = 0 No score

value = +1 Verified

copyAllScoresIfNoCodeChange = true

defaultValue = 0

[label "Code-Review"]

function = MaxWithBlock

copyMinScore = true

value = -2 Do not submit

value = -1 I would prefer that you didnt submit this

value = 0 No score

value = +1 Looks good to me, but someone else must approve

value = +2 Looks good to me, approved

copyAllScoresOnTrivialRebase = true

defaultValue = 0

[receive]

requireContributorAgreement = false

requireSignedOffBy = false

requireChangeId = true

createNewChangeForAllNotInTarget = false

rejectImplicitMerges = true

[submit]

mergeContent = true

[access "refs/for/refs/meta/config"]

push = group Administrators

[access "refs/tags/*"]

push = block group Anonymous Users

delete = block group Anonymous Users

[access "refs/for/*"]

addPatchSet = group Registered Users

[capability]

accessDatabase = group Administrators

administrateServer = group Administrators

createGroup = group Registered Users

delete-project-deleteOwnProject = group Registered Users

priority = batch group Non-Interactive Users

queryLimit = +0..+500 group Registered Users

queryLimit = group Anonymous Users

serviceuser-createServiceUser = group Registered Users

streamEvents = group Registered Users

default permissions configured in "Default-Settings":

This grants read access, permission to push changes and vote on CR -1...+1 and block their own changes by CR -2 

to all registered users in order to foster collaboration between projects. 

Projects inherit permissions from "Default-Settings". 

Project owners are defined by granting the owner privilege on "refs/*" to the owner group per repository.

They get more power so that they can change their project's permission settings, vote CR -2 ... +2, 

Verified -1 ... +1 and create branches and tags. This way we delegate project administration to

project owners.

[access]

inheritFrom = All-Projects

[access "refs/*"]

read = group Registered Users

forgeAuthor = group Registered Users

deleteOwnChanges = group Registered Users

[access "refs/for/refs/*"]

push = group Registered Users

pushMerge = group Registered Users

[access "refs/heads/*"]

create = group Project Owners

label-Code-Review = -2..+2 group Project Owners

label-Code-Review = -2..+1 group Change Owner

label-Code-Review = -1..+1 group Registered Users

label-Verified = -1..+1 group Project Owners

submit = group Project Owners

rebase = group Registered Users

[access "refs/tags/*"]

create = group Project Owners

createTag = group Project Owners

createSignedTag = group Project Owners

[access "refs/meta/config"]

read = group Registered Users

label-Code-Review = -2..+2 group Project Owners

label-Verified = -1..+1 group Project Owners

submit = group Project Owners

permissions for repository "foo" granted to owner group "foo_owners":

this defines that group foo_owners inherits permission settings from Default-Settings and

members of the group foo_owners own this repository

[access]

inheritFrom = Default-Settings

[access "refs/*"]

owner = group foo_owners

Also see https://gerrit-review.googlesource.com/Documentation/intro-project-owner.html

-Matthias

[陈翰林]

thanks all brothers,i get the way,create group for each branch-repo,and a big group for branch and add in the branch -repo groups,then set cr-2 permission at all-projects for the branch groups, i just need change the permission at all-projects setting simple for each ref/for/branchs.
thanks again