Preventing Accidental User Creation

Info & Tags

Article #:
39
Created:
04/16/07
Modified:
01/18/10
Tags:
groups, protections, user creation, users

Related Articles

  1. Deleted Users Keep Reappearing
  2. Disabling User Auto Creation
  3. Formless Command Line Client Creation on Windows
  4. Resetting Protections
  5. Exclusionary Protections

Links

  1. Perforce System Administrator's Guide
    Documentation
  2. Protections
    Perforce System Administrator's Guide
  3. p4 group
    Perforce Command Reference
  4. p4 protect
    Perforce Command Reference

PROBLEM

How do I prevent new users from being created accidentally?


SOLUTION

As of Rel 98.2, Perforce groups can be used to control user access. Normally, Perforce creates a new user in its database whenever a command is issued by a username it has not seen before. A Perforce superuser can disable the creation of new users by assigning all authorized users to a group, and permitting access to the authorized group only.

You can use P4V to create a group by running Tools, Administration, Users and Groups, Admin, New, Group.   Or you can create a group from the command line with: 

p4 group groupname

Use p4 protect to edit the protections table and deny access to users not in the authorized group. For example, the default protections, which look like: 

write user * * //...

Should be changed to: 

write group groupname * //...

In P4V, you can edit the protections table by running Tools, Administration, Permissions, and click the line and field to edit in the bottom pane.

Please note that any lines in the protections table that specify "user *" allow the automatic creation of a user. This applies to exclusionary mappings as well for servers before 2008.1. All protections must be by group (such as "group *" or "group groupname") or by specifying a particular user (eg. "user joe") if you want to avoid automatic user creation.

For more information on protections, review the chapter on "Protections" in the Perforce System Administrator's Guide.