opendev/gerrit
Code Issues Proposed changes

Access control documentation: Kill and priority capabilities

Browse Source 
Kill and priority capabilities documented with links back and forth
to relevant places.

Change-Id: I9222979f01ef90a936954d479b44eb8913a4e79b
Signed-off-by: Fredrik Luthander <fredrik.luthander@sonymobile.com>
This commit is contained in:
Fredrik Luthander
2012-03-13 16:11:02 +01:00
committed by Gustaf Lundh
parent 74ad0d06ec
commit 468430286f
3 changed files with 43 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
Documentation/access-control.txt
View File

@@ -833,10 +833,6 @@ much of the server administration burden out to more users.
Below you find a list of capabilities available: Below you find a list of capabilities available:
* Kill Task
* Priority
* Start Replication * Start Replication
* View Caches * View Caches
@@ -897,6 +893,45 @@ This capability doesn't imply permissions to the show-caches command. For that
you need the <<capability_viewCaches,view caches capability>>. you need the <<capability_viewCaches,view caches capability>>.
[[capability_kill]]
Kill Task
~~~~~~~~~
Allow the operation of the link:cmd-kill.html[kill command over ssh]. The
kill command ends tasks that currently occupy the Gerrit server, usually
a replication task or a user initiated task such as an upload-pack or
recieve-pack.
[[capability_priority]]
Priority
~~~~~~~~
This capability allows users to use
link:config-gerrit.html#sshd.batchThreads[the thread pool reserved] for
link:access-control.html#non-interactive_users['Non-Interactive Users'].
It's a binary value in that granted users either have access to the thread
pool, or they don't.
There are three modes for this capability and they're listed by rising
priority:
No capability configured.::
The user isn't a member of a group with any priority capability granted. By
default the user is then in the 'INTERACTIVE' thread pool.
'BATCH'::
If there's a thread pool configured for 'Non-Interactive Users' and a user is
granted the priority capability with the 'BATCH' mode selected, the user ends
up in the separate batch user thread pool. This is true unless the user is
also granted the below 'INTERACTIVE' option.
'INTERACTIVE'::
If a user is granted the priority capability with the 'INTERACTIVE' option,
regardless if they also have the 'BATCH' option or not, they are in the
'INTERACTIVE' thread pool.
[[capability_queryLimit]] [[capability_queryLimit]]
Query Limit Query Limit
~~~~~~~~~~~ ~~~~~~~~~~~

2
Documentation/cmd-kill.txt
View File

@@ -19,7 +19,7 @@ its next cancellation point (which is usually blocking IO).
ACCESS ACCESS
------ ------
Caller must be a member of the privileged 'Administrators' group, Caller must be a member of the privileged 'Administrators' group,
or have been granted the 'Kill Task' global capability. or have been granted link:access-control.html#capability_kill[the 'Kill Task' global capability].
SCRIPTING SCRIPTING
--------- ---------

5
Documentation/config-gerrit.txt
View File

@@ -1957,8 +1957,9 @@ By default, 1.5x the number of CPUs available to the JVM.
[[sshd.batchThreads]]sshd.batchThreads:: [[sshd.batchThreads]]sshd.batchThreads::
+ +
Number of threads to allocate for SSH command requests from Number of threads to allocate for SSH command requests from
non-interactive users. If equals to 0, then all non-interactive link:access-control.html#non-interactive_users[non-interactive users].
requests are executed in the same queue as interactive requests. If equals to 0, then all non-interactive requests are executed in the same
queue as interactive requests.
+ +
Any other value will remove the number of threads from the queue Any other value will remove the number of threads from the queue
allocated to interactive users, and create a separate thread pool allocated to interactive users, and create a separate thread pool