# p4d-protect.txt
#
# Example protections file for p4d-watch-admin.pl
# 
# Notes:
#       Use '#' for comments.
#       Last line that matches wins.
#       Negative rights turns off all access not already given. Set 
#         negative protections to 'open' since 'atg' given read and list access.
#
# Example groups
#       p4admin -- Perforce administrators
#       road -- maintains the Perforce depot
#	atg -- everyone in the company
#	p4protect -- controls Perforce protections
#       dev-edit -- list of groups that can edit internal web sites
#	p4protect-se -- controls SE's groups
#       xyz -- owner of //xyz/*/main/... and related codelines.
#
# $Id: //main/2005/road/p4d-watch/p4d-protect.txt#1 $
# $Date: 2006/10/20 $$Change: 597 $$Author: bbarber $

# Warn about direct use of 'p4 protect'
list user README * //road/Perforce/main/protections/p4d-protect.txt

# Superusers -- can run p4 protect, etc.
super group p4admin 127.0.0.1 //no-access

# By default, each group has write access to its codelines.
write group %1 * //%1/*/main/...
write group %1 * //%1/*/version/...
write group %1 * //%1/*/dev/...

# dev-edit group has write access to the internal web sites
write group dev-edit * //qa/web/main/...
write group dev-edit * //road/web/main/...
write group dev-edit * //se/web/main/...

# //user -- see end for individual protections
read group atg * //user/...
open user * * -//user/*/private/...
write group road * //user/*/main/README.txt

# .../final/...
read group atg * //*/*/final/...
write group road * //*/*/final/...

# //road/Perforce/main/protections and triggers
open user * *                   -//road/Perforce/main/protections/...
write group p4protect *         //road/Perforce/main/protections/...

# .../protections/...  other administrators
write user swang *              //road/Perforce/main/protections/group/escoe-version.txt

# .../protections/...  sole-administrators
open user  * *                  -//road/Perforce/main/protections/group/se-...
write group p4protect-se *      //road/Perforce/main/protections/group/se-...

# //... read and list access
#    must be after all negative write protections.  Else can not read.
read group atg * //*/*/dev/...
read group atg * //*/*/main/...
read group atg * //*/*/version/...
list group atg * //*/*
list group atg * //*/*/*
list group road * //*/*/dev/...
list group road * //*/*/final/...
list group road * //*/*/main/...
list group road * //*/*/version/...

# Hidden codelines
list group * * -//app/*/dev/after_5.6/...
list group * * -//product/*/dev/dcsjspa...

# Disallow remote access -- must be last
list user remote * -//...

# Write access for each user is automatically inserted here
#    Generated from 'p4 users | grep -v read-only'
#    For example:
#        write user releng * //user/releng/...
# 
# When Perforce disallows automatic user creation, replace with
#        write user %1 * //user/%1/...
