| Issue 2786: | global admin capability to modify user accounts | |
| 1 person starred this issue and may be notified of changes. | Back to list |
We have setup a "Third Party CI" group. The group contains user accounts (all bots) that trigger on changes in our Gerrit repo, run tests externally, then reports back to our Gerrit. Here's an example: https://review.openstack.org/#/c/107486/ You will notice that "XenServer CI" and "turbo-hipster" are accounts in the "Third Party CI" group. Our Third Party CI group is starting to become pretty large so we want to delegate account management of this group to a specific person (gerrit user). This user is not an administrator nor a project owner, just a Registered user with permission to modify account settings. Currently Gerrit doesn't support this use case. I would like to request for a global admin capability ACL [1] to allow groups to manage accounts. Maybe something similar to 'Create Account', except it would be 'Modify Account. [1] https://review.openstack.org/Documentation/access-control.html#global_capabilities
Jul 20, 2014
Project Member
#1
David.Os...@gmail.com
Status:
AwaitingInformation
Jul 21, 2014
Yes, you are right. The service user plugin can address this use case. However it doesn't address the general use case of allowing a user (or group) to modify any other user (or group) account. I'm wondering why not just have a global capability in Gerrit core that allows one group to modify all other user accounts? There are already capabilities to create account, create group, and view accounts. Would it not make sense to add a "modify accounts" capability? This capability could allow Gerrit admins to modify all other accounts/groups which Gerrit cannot do right now.
Jul 21, 2014
https://gerrit-review.googlesource.com/58748 https://gerrit-review.googlesource.com/58749
Status:
ChangeUnderReview
Jul 23, 2014
(No comment was entered for this change.)
Status:
Submitted
Labels: FixedIn-2.11
Apr 16, 2015
(No comment was entered for this change.)
Status:
Released
|
|
| ► Sign in to add a comment |