Jump to content


Any way to disable file browsing

file browsing depot browsing swarm

  • Please log in to reply
7 replies to this topic

#1 jspang

jspang

    Member

  • Members
  • PipPip
  • 26 posts

Posted 18 August 2014 - 06:06 PM

Is there any way to disable file/depot browsing in Swarm? Our depot security is set up in such a way that certain employees (e.g. Vendors) do not have access to view critical files. We just noticed that Swarm provides any logged in user with read access to any file in the depot! I'd like to disable this feature entirely.

I looked over the documentation here and didn't see anything. http://www.perforce....n.security.html

#2 P4MarcW

P4MarcW

    Advanced Member

  • Guests
  • PipPipPip
  • 30 posts
  • LocationVictoria, BC

Posted 18 August 2014 - 06:19 PM

There are a couple ways you can address this:
  • Require login so that users can only view what they're allowed to (from a Perforce protections table perspective). Otherwise, using Swarm anonymously (not logging in) will show whatever permissions the configured swarm user has access to.
  • If you don't want to require login, you can modify the protections table to restrict what parts of the depot that the swarm user can see. This is a lowest common denominator approach though, and might be too restrictive for your needs.
I'd recommend option #1 if possible. Give that a try and let us know how it goes.

Thanks,
-Marc

#3 jspang

jspang

    Member

  • Members
  • PipPip
  • 26 posts

Posted 18 August 2014 - 06:24 PM

We already require login, but the user in question reported that he was able to view files in Swarm that he does not normally have access to via P4 directly.

#4 P4PetrH

P4PetrH

    Advanced Member

  • Members
  • PipPipPip
  • 36 posts

Posted 18 August 2014 - 06:25 PM

View Postjspang, on 18 August 2014 - 06:06 PM, said:

We just noticed that Swarm provides any logged in user with read access to any file in the depot! I'd like to disable this feature entirely.

This is not true - Swarm filters out files/dirs users don't have list access to from their IP according to Perforce protections table - as long as ip protections emulation is enabled (by default), see http://www.perforce....ip_protections.

#5 P4MarcW

P4MarcW

    Advanced Member

  • Guests
  • PipPipPip
  • 30 posts
  • LocationVictoria, BC

Posted 18 August 2014 - 06:29 PM

Hmmm, that is indeed odd. What does the results of running this p4 command (as super) return?
p4 protects -m -u user_in_question  //path/to/files/in/question/...

If the output of that command shows they have read access, it would be a protections table issue.

It might be worth following up with our support organization if you confirm there is a mismatch between what Perforce reports via the command above and what they're able to see in Swarm.

Thanks,
-Marc

#6 jspang

jspang

    Member

  • Members
  • PipPip
  • 26 posts

Posted 18 August 2014 - 06:56 PM

It's possible that the problem was mis-reported to me. Maybe our protections table is set up incorrectly and the user just thought the issue was with Swarm. I'll check with him to get a more precise repro and then follow up with this thread when I have more information. Thanks guys!

#7 jspang

jspang

    Member

  • Members
  • PipPip
  • 26 posts

Posted 18 August 2014 - 08:48 PM

Apologies. It looks as if the user was mistaken about the files he is seeing in Swarm. The permissions seem to be set up correctly.

#8 P4MarcW

P4MarcW

    Advanced Member

  • Guests
  • PipPipPip
  • 30 posts
  • LocationVictoria, BC

Posted 18 August 2014 - 09:26 PM

No worries, glad to hear all is well. Please let us know if you have any further questions.
Cheers,
-Marc



Also tagged with one or more of these keywords: file browsing, depot browsing, swarm

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users