opendev/gerrit
Code Issues Proposed changes

Clarify documention of Administrators group

Browse Source 
- Clarify that this is a normal Gerrit group that has the
  'Administrate Server' capability preassigned.
- Remove the note about the 'Admin' menu which doesn't exist anymore
- Move the paragraphs that explain who should be administrator and
  that administrators don't have all access rights by default to
  the section of the 'Administrate Server' capability.

Change-Id: I620aacfb23f87a2275828e6caa160191c5fac9e2
Signed-off-by: Edwin Kempin <ekempin@google.com>
This commit is contained in:
Edwin Kempin
2016-04-07 08:44:39 +02:00
parent fae6bb2365
commit 1728742743
1 changed files with 17 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
Documentation/access-control.txt
View File

@@ -99,21 +99,14 @@ Gerrit comes with two predefined groups:
[[administrators]] [[administrators]]
=== Administrators === Administrators
This is the Gerrit "root" identity. The capability This is a predefined group, created on Gerrit site initialization, that
link:access-control.html#capability_administrateServer['Administrate Server'] has the capability link:access-control.html#capability_administrateServer[
is assigned to this predefined group on Gerrit site creation. 'Administrate Server'] assigned.
Users in the 'Administrators' group can perform any action under It is a normal Gerrit group without magic. This means if you remove
the Admin menu, to any group or project, without further validation the 'Administrate Server' capability from it, its members are no longer
or any other access controls. In most installations only those Gerrit administrators, despite the group name. The group may also be
users who have direct filesystem and database access would be renamed.
placed into this group.
Membership in the 'Administrators' group does not imply any other
access rights. Administrators do not automatically get code review
approval or submit rights in projects. This is a feature designed
to permit administrative users to otherwise access Gerrit as any
other normal user would, without needing two different accounts.
[[non-interactive_users]] [[non-interactive_users]]
@@ -1175,10 +1168,19 @@ review metadata refs in repositories.
=== Administrate Server === Administrate Server
This is in effect the owner and administrator role of the Gerrit This is in effect the owner and administrator role of the Gerrit
instance. Any members of a group granted this capability will be instance. Any members of a group granted this capability will be
able to grant any access right to any group. They will also have all able to grant any access right to any group. They will also have all
capabilities granted to them automatically. capabilities granted to them automatically.
In most installations only those users who have direct filesystem and
database access should be granted this capability.
This capability does not imply any other access rights. Users that have
this capability do not automatically get code review approval or submit
rights in projects. This is a feature designed to permit administrative
users to otherwise access Gerrit as any other normal user would,
without needing two different accounts.
[[capability_batchChangesLimit]] [[capability_batchChangesLimit]]
=== Batch Changes Limit === Batch Changes Limit