Search code examples
gerrit

Gerrit project access allows users to remove the users from gerrit project

My Gerrit Version is -2.10.2

Regarding an Gerrit group (Delete user permission), I am the Gerrit administrator, I have user add/delete permission for Gerrit groups. Today I noticed that even the users who all have access to Gerrit group, are also able to remove users from Gerrit group. I thought, only admin can perform the manage groups and users permissions, whereas it is working for user as well. I have checked the project it has configured the access from “Rights Inherit From: All-Projects” also “Project All-Projects” it has below settings.

Global Capabilities

Administrate Server -
Allow -  Administrators

Priority -
Batch -  Non-Interactive Users

Stream Events - 
Allow - Non-Interactive Users

Could you let me know where I can configure the permission, So that user should is not allowed to remove the user from Gerrit group. Only Gerrit administrator need to have users add & delete permission from Gerrit groups.

enter image description here

Solution

  • Check the following:

    • Click on the "General" tab of some group.
    • Look at the group in the "Owners" field

    All users that are members of the owner group (or members of one of its sub-groups) has the permission to add and remove users to original group.

    Put the administrator group (or other group you want) in this field and click on the "Change owner" button.