GitCentric Group-Based ACLs
On the Git side, you define group-based ACLs and apply them to repositories, to control what kind of access group members have to GitCentric-controlled Git repos and branches. (GitCentric group-based ACLs are different than -- and should not be confused with -- AccuRev Element ACLs or “EACLs”, which control access to files on the AccuRev server.)
GitCentric provides five system or pre-defined internal or groups:
• Administrators (internal)
• Anonymous Users (system)
• Non-interactive Users (internal)
• Repository (“Project”) Owners (system)
• Registered users (system)
You can define more groups as necessary.
GitCentric is installed with a basic set of ACLs on a special, system-defined project named “All-Projects”, from which all repos inherit their base set of ACLs. These basic ACLs are set to be highly secure, so you will need to customize them for your site before your users can use GitCentric.
The general topic of group-based ACLs is beyond the scope of this document, so you will need to learn about them from the Gerrit Code Review documentation referenced below, but at a very high level:
Every user account is a member of one or more groups, and access and privileges are granted to those groups. You cannot grant access rights to individual users.
Access rights are then assigned to these groups per repo (or “project”). Access rights granted to parent repos are inherited by child repos. Access rights defined for the All-Projects project are inherited by all other projects.
For information about creating and configuring GitCentric group ACLs from the GitCentric UI, see
Configure Access Rights (ACLs) for a Repo on page 34.
Because GitCentric group ACLs are derived from Gerrit Code Review, they are documented in detail in the Gerrit Code Review documentation. See the
Access Controls topic in the Gerrit Code Review documentation for more information.
Configuring Multiple Git Repos with AccuRev and EACLs
In AccuRev, it is a fairly common practice to configure depots and files with ACLs so that only certain users can access them. For example, assume that you hire an off-shore contract company to develop code for an optional feature to your main product line. You might want to give staff in corporate headquarters access to all files and directories, while restricting access of the off-shore team to just those files and directories that they need to get the job done.
By setting up ACLs in the AccuRev environment, and then mapping Git repositories and branches to these AccuRev depots and streams, you can give the off-shore team access to just the repo containing their files, while giving your domestic teams access to the repo that contains all your files (see
Figure 4 on page 8).
For information about setting up ACLs in the AccuRev environment, see the following AccuRev documentation:
• On-Line Help Guide: Chapter 8, “Security”
• Administrator’s Guide: Chapter 9, “AccuRev Security Overview”
• CLI User’s Guide: eacl, setacl, lsacl, and mkuser command descriptions in Chapter 2, “AccuRev Command Line Reference”
Getting Started
Once you have completed this chapter, and after you have installed GitCentric as described in the AccuRev
GitCentric Installation and Release Notes, you should proceed to
Get Started on page 13 in
Chapter 2 How to... to learn how to configure your GitCentric environment and use it for the first time.