opendev/gerrit
Code Issues Proposed changes

Correct access control documentation about project ownership

Browse Source 
We have long since moved project ownership from a single group on the
project level to an 'Owner' category in the access control list for
the project.

Change-Id: I01100b1e6a48dc8f80b89d718f19de38983fba8d
Signed-off-by: Shawn O. Pearce <sop@google.com>
This commit is contained in:
Shawn O. Pearce
2009-08-22 13:41:38 -07:00
parent 9941a0fb77
commit 7145220c74
1 changed files with 18 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
Documentation/access-control.txt
View File

@@ -156,19 +156,6 @@ in any other project's `Access` administration tab.
Per-Project
~~~~~~~~~~~
Every project has a group designated as its owner. Users who are
members of the owner group can:
* Change the project description
* Change the owner of the project to another group
* Create/delete a branch through the web UI (not SSH)
* Grant/revoke access rights
Note that project owners implicitly have branch creation or deletion
through the web UI, but not through SSH. To get SSH access project
owners must grant an access right to their own group, just like
for any other user.
The per-project ACL is evaluated before the global
`\-- All Projects \--` ACL, permitting some limited override
capability to project owners. This behavior is generally only
@@ -183,6 +170,22 @@ Gerrit comes pre-configured with several default categories that
can be granted to groups within projects, enabling functionality
for that group's members.
[[category_OWN]]
Owner
~~~~~
The `Owner` category controls which groups can modify the project's
configuration. Users who are members of an owner group can:
* Change the project description
* Create/delete a branch through the web UI (not SSH)
* Grant/revoke any access rights, including `Owner`
Note that project owners implicitly have branch creation or deletion
through the web UI, but not through SSH. To get SSH branch access
project owners must grant an access right to a group they are a
member of, just like for any other user.
[[category_READ]]
Read Access
~~~~~~~~~~~
@@ -448,8 +451,8 @@ Ensure `category_id` is unique within your `approval_categories`
table. The default values `VRIF` and `CVRF` used for the categories
described above are simply that, defaults, and have no special
meaning to Gerrit. The other standard category_id values like
`READ`, `SUBM`, `pTAG` and `pHD` have special meaning and should
not be modified or reused.
`OWN`, `READ`, `SUBM`, `pTAG` and `pHD` have special meaning and
should not be modified or reused.
The `position` column of `approval_categories` controls which column
of the 'Approvals' table the category appears in, providing some