New issue
Advanced search Search tips

Issue 2786 link

Starred by 1 user

Issue metadata

Status: Released
Owner: ----
Closed: Jul 2014

Sign in to add a comment

global admin capability to modify user accounts

Project Member Reported by, Jul 19 2014

Issue description

We have setup a "Third Party CI" group.  The group contains user accounts (all bots) that trigger on changes in our Gerrit repo, run tests externally, then reports back to our Gerrit.  

Here's an example:

You will notice that "XenServer CI" and "turbo-hipster" are accounts in the "Third Party CI" group.  Our Third Party CI group is starting to become pretty large so we want to delegate account management of this group  to a specific person (gerrit user).  This user is not an administrator nor a project owner, just a Registered user with permission to modify account settings. 

Currently Gerrit doesn't support this use case.  I would like to request for a global admin capability ACL [1] to allow groups to manage accounts.  Maybe something similar to 'Create Account', except it would be 'Modify  Account.

Project Member

Comment 1 by, Jul 20 2014

Status: AwaitingInformation
As discussed on dev ML thread, the appropriate way to
achieve what you want is to write a plugin or use/extend
already existing serviceuser plugin. Plugins can provide
plugin owned capabilities that can be granted to users
from Gerrit UI as normal (core) capabilities.

For example serviceuser plugin provides own
'Create Service User' capability [1].

Project Member

Comment 2 by, Jul 21 2014

Yes, you are right.  The service user plugin can address this use case.  However it doesn't address the general use case of allowing a user (or group) to modify any other user (or group) account.   I'm wondering why not just have a global capability in Gerrit core that allows one group to modify all other user accounts?  There are already capabilities to create account, create group, and view accounts.  Would it not make sense to add a "modify accounts" capability?  This capability could allow Gerrit admins to modify all other accounts/groups which Gerrit cannot do right now.
Labels: FixedIn-2.11
Status: Submitted
Status: Released

Comment 6 Deleted

Sign in to add a comment