opendev/gerrit
Code Issues Proposed changes

Describe most important access rights updates in 2.9 release notes

Browse Source 
Change-Id: I2ed922e6807750b3606927ec04e18fb393d792c9
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
This commit is contained in:
Edwin Kempin
2014-05-14 14:35:38 +02:00
committed by David Pursehouse
parent 650b7c0adf
commit 4bae12079e
1 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
ReleaseNotes/ReleaseNotes-2.9.txt
View File

@@ -96,6 +96,40 @@ Documentation
* link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.9/rest-api-documentation.html#search-documentation.html[
Search documentation].
Access Rights
~~~~~~~~~~~~~
* New link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.9/access-control.html#capability_viewAllAccounts[
global capability for viewing all accounts].
* New link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.9/access-control.html#capability_viewPlugins[
global capability for viewing the list of installed plugins].
* New `Change Owner` group that allows to assign label permissions to the change owner.
* Support link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.9/access-control.html#category_submit_on_behalf_of[
on behalf of for submit].
* Allow service users to access REST API if `auth.gitBasicAuth = true`.
+
If link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.9/config-gerrit.html#auth.gitBasicAuth[
auth.gitBasicAuth] is set to `true` in the `gerrit.config` file all
HTTP traffic is authenticated using standard `BasicAuth` and the
credentials are validated using the same auth method as configured for
the Gerrit Web UI. E.g. for LDAP this means that users must use their
LDAP password for Git over HTTP and for accessing the REST API.
+
Service users are technical users that were created by the
`create-account` SSH command. These users only exist in Gerrit and
hence they do not have any LDAP password. This is why service users
were not able to make use of the REST API if `auth.gitBasicAuth` was
set to `true`.
+
Now if `auth.gitBasicAuth` is set to `true` users that exist only in
Gerrit but not in LDAP are authenticated with their HTTP password from
the Gerrit database.
Daemon
~~~~~~