Google Git
Sign in
roughtime/All-Projects/f6bcd086effb025dc1ab90e83c491f5c205df3a8^!/.
commit
f6bcd086effb025dc1ab90e83c491f5c205df3a8
[log]
author
Gerrit Code Review <server@googlesource.com>
Tue Apr 21 12:22:14 2026 -0700
committer
Gerrit Code Review <server@googlesource.com>
Tue Apr 21 12:22:14 2026 -0700
tree
46480f4388f09e5b0de7cf88351037f9ac0455f3
parent
e5d4842e87f50c068be23767b39f117088aeb03d [diff]
Update Gerrit permissions for global service users (built at http://cl/899219124)

Added permissions:
  Section [refs/heads/*]:
    Read:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
      ALLOW: autoupdate-onboarding-service-accounts
    Submit:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
    Push:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
  Section [GLOBAL_CAPABILITIES]:
    viewAllAccounts:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
      ALLOW: autoupdate-onboarding-service-accounts

diff --git a/groups b/groups
index ea4d81d..e92f0d8 100644
--- a/groups
+++ b/groups

@@ -1,7 +1,10 @@
 # UUID                                  	Group Name
 #
 19cb407985c62124c2fd1a496a1c90b9e2027f2f	SLSA Policy Verification Service Accounts
+296119a9fc8c99135e4e65da7cc8eaf72c5a2355	autoupdate-service-accounts
 746c50c1803469ed842a454112e8905cb2fc6ec0	dev
+b7478981dbc36455e220e2f3011465ff2477e6db	autoupdate-onboarding-service-accounts
+e4749958ff097ba7dbf7ae26fcbf775e1cac41b5	autoupdate-vigil-service-accounts
 global:Anonymous-Users                  	Anonymous Users
 global:Project-Owners                   	Project Owners
 global:Registered-Users                 	Registered Users

diff --git a/project.config b/project.config
index 39f69bb..8145cce 100644
--- a/project.config
+++ b/project.config

@@ -27,16 +27,23 @@
 	forgeCommitter = group Project Owners
 	forgeCommitter = group mdb/rough-time-service-team
 	push = +force group Project Owners
+	push = group autoupdate-service-accounts
+	push = group autoupdate-vigil-service-accounts
 	push = +force group mdb/rough-time-service-team
 	label-Code-Review = -2..+2 group Project Owners
 	label-Code-Review = -2..+2 group mdb/rough-time-service-team
 	label-Code-Review = -1..+1 group Registered Users
 	submit = group Project Owners
+	submit = group autoupdate-service-accounts
+	submit = group autoupdate-vigil-service-accounts
 	submit = group mdb/rough-time-service-team
 	editTopicName = +force group Project Owners
 	editTopicName = +force group mdb/rough-time-service-team
 	label-SLSA-Policy-Verified = -1..+1 group SLSA Policy Verification Service Accounts
 	Read = group SLSA Policy Verification Service Accounts
+	Read = group autoupdate-onboarding-service-accounts
+	Read = group autoupdate-service-accounts
+	Read = group autoupdate-vigil-service-accounts
 [access "refs/meta/config"]
 	exclusiveGroupPermissions = read
 	read = group Project Owners
@@ -65,3 +72,6 @@
 	copyCondition = changekind:NO_CHANGE OR changekind:TRIVIAL_REBASE OR is:MIN
 [capability]
 	administrateServer = group mdb/rough-time-service-team
+	viewAllAccounts = group autoupdate-onboarding-service-accounts
+	viewAllAccounts = group autoupdate-service-accounts
+	viewAllAccounts = group autoupdate-vigil-service-accounts