From 79d3815b9e6ad719d134bff5532ce0dec8988e2d Mon Sep 17 00:00:00 2001 From: Fredrik Luthander Date: Tue, 13 Mar 2012 09:52:22 +0100 Subject: [PATCH] Access control documentation: Create group and project Contains short documentation on the 'Create group' and 'Create project' capabilities with links back from the command pages. Also includes a formatting fix in the 'Create account' capability. Change-Id: Iff883cbbbd4368703d5372012c205e72083f4248 Signed-off-by: Fredrik Luthander --- Documentation/access-control.txt | 24 +++++++++++++++++++----- Documentation/cmd-create-account.txt | 3 ++- Documentation/cmd-create-group.txt | 3 ++- Documentation/cmd-create-project.txt | 3 ++- 4 files changed, 25 insertions(+), 8 deletions(-) diff --git a/Documentation/access-control.txt b/Documentation/access-control.txt index e7379eafbb..2db6a198ff 100644 --- a/Documentation/access-control.txt +++ b/Documentation/access-control.txt @@ -833,10 +833,6 @@ much of the server administration burden out to more users. Below you find a list of capabilities available: -* Create Group - -* Create Project - * Flush Caches * Kill Task @@ -866,13 +862,31 @@ capabilities granted to them automatically. Create Account ~~~~~~~~~~~~~~ -Allow link:cmd-create-account.html['account creation over the ssh prompt']. +Allow link:cmd-create-account.html[account creation over the ssh prompt]. This capability allows the granted group members to create non-interactive service accounts. These service accounts are generally used for automation and made to be members of the link:access-control.html#non-interactive_users['Non-Interactive users'] group. +[[capability_createGroup]] +Create Group +~~~~~~~~~~~~ + +Allow group creation. Groups are used to grant users access to different +actions in projects. This capability allows the granted group members to +either link:cmd-create-group.html[create new groups via ssh] or via the web UI. + + +[[capability_createProject]] +Create Project +~~~~~~~~~~~~~~ + +Allow project creation. This capability allows the granted group to +either link:cmd-create-project.html[create new git projects via ssh] +or via the web UI. + + [[capability_queryLimit]] Query Limit ~~~~~~~~~~~ diff --git a/Documentation/cmd-create-account.txt b/Documentation/cmd-create-account.txt index 31bc482627..98f950f048 100644 --- a/Documentation/cmd-create-account.txt +++ b/Documentation/cmd-create-account.txt @@ -28,7 +28,8 @@ created in Gerrit that do not exist in the underlying LDAP directory. ACCESS ------ Caller must be a member of the privileged 'Administrators' group, -or have been granted the 'Create Account' global capability. +or have been granted +link:access-control.html#capability_createAccount[the 'Create Account' global capability]. SCRIPTING --------- diff --git a/Documentation/cmd-create-group.txt b/Documentation/cmd-create-group.txt index 7549c3893a..475d2c5664 100644 --- a/Documentation/cmd-create-group.txt +++ b/Documentation/cmd-create-group.txt @@ -28,7 +28,8 @@ becomes a member of the newly created group. ACCESS ------ Caller must be a member of the privileged 'Administrators' group, -or have been granted the 'Create Group' global capability. +or have been granted +link:access-control.html#capability_createGroup[the 'Create Group' global capability]. SCRIPTING --------- diff --git a/Documentation/cmd-create-project.txt b/Documentation/cmd-create-project.txt index cc7e9299e0..f22141c9a4 100644 --- a/Documentation/cmd-create-project.txt +++ b/Documentation/cmd-create-project.txt @@ -39,7 +39,8 @@ on the remote system to create the empty repository. ACCESS ------ Caller must be a member of the privileged 'Administrators' group, -or have been granted the 'Create Project' global capability. +or have been granted +link:access-control.html#capability_createProject[the 'Create Project' global capability]. SCRIPTING ---------