= Gerrit Code Review - Groups == Overview In Gerrit, we assign permissions to groups of accounts. These groups can be provided by an external system such as LDAP, but Gerrit also has a group system built-in ("internal groups") Starting from 2.16, these internal groups are fully stored in link:note-db.html[NoteDb]. A group is characterized by the following information: * list of members (accounts) * list of subgroups * properties - visibleToAll - group owner Groups are keyed by the following unique identifiers: * GroupID, the former database key (a sequential number) * UUID, an opaque identifier. Internal groups use a 40 byte hex string as UUID * Name: Gerrit enforces that group names are unique == Storage format Group data is stored in the link:config-accounts.html#all-users[`All-Users` repository]. For each group, there is a ref, stored as a sharded UUID, e.g. ---- refs/groups/ef/deafbeefdeafbeefdeafbeefdeafbeefdeafbeef ---- The ref points to commits holding files. The files are * `members`, holding numeric account IDs of members, one per line * `subgroups`, holding group UUIDs of subgroups, one per line * `group.config`, holding further configuration. The `group.config` file follows the following format ---- [group] name = id = 42 visibleToAll = false description = groupOwnerUuid = ---- Gerrit updates the ref for a group based on REST API calls, and the commit log effectively forms an audit log which shows how group membership evolved over time. To ensure uniqueness of the name, a separate ref `refs/meta/group-names` contains a notemap, ie. a map represented as a branch with a flat list of files. The format of this map is as follows: * keys are the normal SHA1 of the group name * values are blobs that look like + ---- [group] name = uuid = ---- To ensure uniqueness of the sequential ID, the ID for each new group is taken from the sequence counter under `refs/sequences/groups`, which works analogously to the ones for accounts and changes. == Visibility Group ownership together with `visibleToAll` determines visibility of the groups in the REST API. Fetching a group ref is permitted to the group's owners that also have READ permissions on the ref. For users that are not owners, the permissions on the ref are ignored. In addition, anyone with the link:access-control.html#capability_accessDatabase[Access Database] capability can read all group refs. The `refs/meta/group-names` ref is visible only to users with the link:access-control.html#capability_accessDatabase[Access Database] capability. == Pushing to group refs Validation on push for changes to the group ref is not implemented, so pushes are rejected. Pushes that bypass Gerrit should be avoided since the names, IDs and UUIDs must be internally consistent between all the branches involved. In addition, group references should not be created or deleted manually either. If you attempt any of these actions anyway, don't forget to link:rest-api-groups.html#index-group[Index Group] reindex the affected groups manually. == Replication In a replicated setting (eg. backups and or primary/replica configurations), all refs in the `All-Users` project on primary nodes must be copied onto all replicas, including `refs/groups/*`, `refs/meta/group-names` and `refs/sequences/groups`.