From d61c6eb312a311a5c40804a089f6c6375fe92b63 Mon Sep 17 00:00:00 2001 From: David Pursehouse Date: Tue, 23 Apr 2013 18:51:04 +0900 Subject: [PATCH] Update documentation to clarify how to set Global Capabilities The documentation does not clearly state that the Global Capabilities are set via the access rights of the root project (All-Projects). Also the section in which the Global Capabilities are documented is named "System Capabilities" which makes it harder to find by searching. Change the name of the section, and add a clarification paragraph. Change-Id: I46eaf1e81dfc4962f482571fe25b6a6a10e17b45 --- Documentation/access-control.txt | 9 ++++++--- Documentation/rest-api.txt | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/Documentation/access-control.txt b/Documentation/access-control.txt index 5e704608e0..b7f69f36da 100644 --- a/Documentation/access-control.txt +++ b/Documentation/access-control.txt @@ -1021,11 +1021,11 @@ on `refs/for/refs/heads/` rather than permissions to upload changes on `refs/heads/`. -[[system_capabilities]] -System capabilities +[[global_capabilities]] +Global Capabilities ------------------- -The system capabilities control actions that the administrators of +The global capabilities control actions that the administrators of the server can perform which usually affect the entire server in some way. The administrators may delegate these capabilities to trusted groups of users. @@ -1036,6 +1036,9 @@ administrative control of the server. This makes it possible to keep fewer users in the administrators group, even while spreading much of the server administration burden out to more users. +Global capabilities are assigned to groups in the access rights settings +of the root project ("`All-Projects`"). + Below you find a list of capabilities available: diff --git a/Documentation/rest-api.txt b/Documentation/rest-api.txt index c2172d7f52..303fc4b5ca 100644 --- a/Documentation/rest-api.txt +++ b/Documentation/rest-api.txt @@ -112,7 +112,7 @@ if options are set which cannot be used together. calling user has no sufficient permissions. E.g. some REST endpoints require that the calling user has certain -link:access-control.html#system_capabilities[global capabilities] +link:access-control.html#global_capabilities[global capabilities] assigned. `403 Forbidden` is also used if `self` is used as account ID and the