Describe most important access rights updates in 2.9 release notes
Change-Id: I2ed922e6807750b3606927ec04e18fb393d792c9
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
diff --git a/ReleaseNotes/ReleaseNotes-2.9.txt b/ReleaseNotes/ReleaseNotes-2.9.txt
index 8948feb..cd23407 100644
--- a/ReleaseNotes/ReleaseNotes-2.9.txt
+++ b/ReleaseNotes/ReleaseNotes-2.9.txt
@@ -96,6 +96,40 @@
* link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.9/rest-api-documentation.html#search-documentation.html[
Search documentation].
+Access Rights
+~~~~~~~~~~~~~
+
+
+* New link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.9/access-control.html#capability_viewAllAccounts[
+global capability for viewing all accounts].
+
+* New link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.9/access-control.html#capability_viewPlugins[
+global capability for viewing the list of installed plugins].
+
+* New `Change Owner` group that allows to assign label permissions to the change owner.
+
+* Support link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.9/access-control.html#category_submit_on_behalf_of[
+on behalf of for submit].
+
+* Allow service users to access REST API if `auth.gitBasicAuth = true`.
++
+If link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.9/config-gerrit.html#auth.gitBasicAuth[
+auth.gitBasicAuth] is set to `true` in the `gerrit.config` file all
+HTTP traffic is authenticated using standard `BasicAuth` and the
+credentials are validated using the same auth method as configured for
+the Gerrit Web UI. E.g. for LDAP this means that users must use their
+LDAP password for Git over HTTP and for accessing the REST API.
++
+Service users are technical users that were created by the
+`create-account` SSH command. These users only exist in Gerrit and
+hence they do not have any LDAP password. This is why service users
+were not able to make use of the REST API if `auth.gitBasicAuth` was
+set to `true`.
++
+Now if `auth.gitBasicAuth` is set to `true` users that exist only in
+Gerrit but not in LDAP are authenticated with their HTTP password from
+the Gerrit database.
+
Daemon
~~~~~~
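Review bot: The closing paragraph of the `auth.gitBasicAuth` item ("Now if `auth.gitBasicAuth` is set to `true` users that exist only in Gerrit but not in LDAP are authenticated with their HTTP password") describes the new fallback only in LDAP terms, while the first paragraph of the same item presents LDAP as one example ("E.g. for LDAP") of the configured auth method. Please state whether the fallback to the HTTP password from the Gerrit database applies to every auth backend or to LDAP only. Administrators reading the release notes need to know that a second credential source is now accepted when this option is on. Two smaller wording points: in the `Change Owner` item, "allows to assign label permissions" should read "allows assigning label permissions", and that item is the only new feature in the list without a link to the access-control documentation. There are also two blank lines after the "Access Rights" heading where one would do.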