| Issue 742: | Fine grained control for assigning admin permissions | |
| 7 people starred this issue and may be notified of changes. | Back to list |
Sign in to add a comment
|
Currently you can assign admin permissions to a user only by adding the user to the 'Administrators' group. This immediately means that the user can do all admin operations, it would be nice to be able to configure admin permission on a more fine grained level. E.g. admin operations for which privileges could be explicitly assigned are project creation/deletion/rename/archiving, group creation/deletion, creation of side-wide dashboards, access to database via gsql SSH command, flushing of caches etc. E.g. we would like to automate the project creation process and therefore want to create a service user which is allowed to create new groups and projects in Gerrit. However this service user should not be allowed to access the database or rename / delete projects (since renaming/deleting projects endangers build reproducibility).
Oct 7, 2010
Project Member
#1
edwin.ke...@gmail.com
May 19, 2011
After the git-store topic is in this can go into --All Projects-- as ref-less rules. Details: Look at where isAdministrator() is being called to find all these. Callers are probably the possible admin roles. Defer doing this for create project until prolog code is ready since custom handlers are likely wanted.
Status:
Accepted
Cc: mf...@codeaurora.org
May 20, 2011
Change https://review.source.android.com/23053 starts to lay out the global capability set.
Jun 16, 2011
Change https://review.source.android.com/23841 implements fine-grained admin permissions for most tasks, excluding create-project. Refactoring the create-project control logic is a bit more work, so I'm delaying that until another change.
Status:
Submitted
Labels: FixedIn-2.2.2 |
||||||||||
| ► Sign in to add a comment | |||||||||||