Access control documentation: Kill and priority capabilities

Kill and priority capabilities documented with links back and forth to relevant places. Change-Id: I9222979f01ef90a936954d479b44eb8913a4e79b Signed-off-by: Fredrik Luthander <fredrik.luthander@sonymobile.com>
2012-03-13 16:11:02 +01:00 · 2012-03-13 16:11:02 +01:00 · 468430286f
commit 468430286f
parent 74ad0d06ec
3 changed files with 43 additions and 7 deletions
--- a/Documentation/access-control.txt
+++ b/Documentation/access-control.txt
@ -833,10 +833,6 @@ much of the server administration burden out to more users.
 Below you find a list of capabilities available:


-* Kill Task
-
-* Priority
-
 * Start Replication

 * View Caches
@ -897,6 +893,45 @@ This capability doesn't imply permissions to the show-caches command.  For that
 you need the <<capability_viewCaches,view caches capability>>.


+[[capability_kill]]
+Kill Task
+~~~~~~~~~
+
+Allow the operation of the link:cmd-kill.html[kill command over ssh].  The
+kill command ends tasks that currently occupy the Gerrit server, usually
+a replication task or a user initiated task such as an upload-pack or
+recieve-pack.
+
+
+[[capability_priority]]
+Priority
+~~~~~~~~
+
+This capability allows users to use
+link:config-gerrit.html#sshd.batchThreads[the thread pool reserved] for
+link:access-control.html#non-interactive_users['Non-Interactive Users'].
+It's a binary value in that granted users either have access to the thread
+pool, or they don't.
+
+There are three modes for this capability and they're listed by rising
+priority:
+
+No capability configured.::
+The user isn't a member of a group with any priority capability granted. By
+default the user is then in the 'INTERACTIVE' thread pool.
+
+'BATCH'::
+If there's a thread pool configured for 'Non-Interactive Users' and a user is
+granted the priority capability with the 'BATCH' mode selected, the user ends
+up in the separate batch user thread pool. This is true unless the user is
+also granted the below 'INTERACTIVE' option.
+
+'INTERACTIVE'::
+If a user is granted the priority capability with the 'INTERACTIVE' option,
+regardless if they also have the 'BATCH' option or not, they are in the
+'INTERACTIVE' thread pool.
+
+
 [[capability_queryLimit]]
 Query Limit
 ~~~~~~~~~~~
--- a/Documentation/cmd-kill.txt
+++ b/Documentation/cmd-kill.txt
@ -19,7 +19,7 @@ its next cancellation point (which is usually blocking IO).
 ACCESS
 ------
 Caller must be a member of the privileged 'Administrators' group,
-or have been granted the 'Kill Task' global capability.
+or have been granted link:access-control.html#capability_kill[the 'Kill Task' global capability].

 SCRIPTING
 ---------
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@ -1957,8 +1957,9 @@ By default, 1.5x the number of CPUs available to the JVM.
 [[sshd.batchThreads]]sshd.batchThreads::
 +
 Number of threads to allocate for SSH command requests from
-non-interactive users. If equals to 0, then all non-interactive
-requests are executed in the same queue as interactive requests.
+link:access-control.html#non-interactive_users[non-interactive users].
+If equals to 0, then all non-interactive requests are executed in the same
+queue as interactive requests.
 +
 Any other value will remove the number of threads from the queue
 allocated to interactive users, and create a separate thread pool