Update Gerrit permissions for global service users (built at http://cl/899219124) Added permissions: Section [refs/heads/*]: Read: ALLOW: autoupdate-vigil-service-accounts ALLOW: autoupdate-service-accounts ALLOW: autoupdate-onboarding-service-accounts Submit: ALLOW: autoupdate-vigil-service-accounts ALLOW: autoupdate-service-accounts Push: ALLOW: autoupdate-vigil-service-accounts ALLOW: autoupdate-service-accounts Section [GLOBAL_CAPABILITIES]: viewAllAccounts: ALLOW: autoupdate-vigil-service-accounts ALLOW: autoupdate-service-accounts ALLOW: autoupdate-onboarding-service-accounts
diff --git a/groups b/groups
index e7b649d..86c73e3 100644
--- a/groups
+++ b/groups
@@ -1,7 +1,10 @@
 # UUID Group Name
 #
 25e1cfff90e3f648aa2acd2ee42818ea5b7177ce gn-scoped
+403927c6ea7e2607dd8685c67463329745b869a1 autoupdate-service-accounts
 5c109e6b6e3bc0590371cb5ece58e716ada4b5da SLSA Policy Verification Service Accounts
+ee87c80457698612d1b2a8cbc7d4ea4e8bb96f51 autoupdate-vigil-service-accounts
+fcfedbebca31cfcd7c033245d5bfb405bf9ae546 autoupdate-onboarding-service-accounts
 global:Anonymous-Users Anonymous Users
 global:Project-Owners Project Owners
 global:Registered-Users Registered Users
diff --git a/project.config b/project.config
index 021d368..1092a43 100644
--- a/project.config
+++ b/project.config
@@ -28,11 +28,18 @@
 label-Code-Review = -2..+2 group mdb/gn-gerrit-owners
 label-Code-Review = -1..+1 group Registered Users
 push = group Project Owners
+ push = group autoupdate-service-accounts
+ push = group autoupdate-vigil-service-accounts
 push = +force group mdb/gn-gerrit-owners
 submit = group Project Owners
+ submit = group autoupdate-service-accounts
+ submit = group autoupdate-vigil-service-accounts
 submit = group mdb/gn-gerrit-owners
 label-SLSA-Policy-Verified = -1..+1 group SLSA Policy Verification Service Accounts
 Read = group SLSA Policy Verification Service Accounts
+ Read = group autoupdate-onboarding-service-accounts
+ Read = group autoupdate-service-accounts
+ Read = group autoupdate-vigil-service-accounts
 [access "refs/meta/config"]
 exclusiveGroupPermissions = read
 create = group Project Owners
@@ -63,6 +70,9 @@
 copyCondition = changekind:NO_CHANGE OR changekind:TRIVIAL_REBASE OR is:MAX OR is:MIN
 [capability]
 administrateServer = group mdb/gn-gerrit-owners
+ viewAllAccounts = group autoupdate-onboarding-service-accounts
+ viewAllAccounts = group autoupdate-service-accounts
+ viewAllAccounts = group autoupdate-vigil-service-accounts
 viewAllAccounts = group gn-scoped
 [submit-requirement "Code-Review"]
 submittableIf = label:Code-Review=MAX AND -label:Code-Review=MIN
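Review bot: The added `push = group autoupdate-service-accounts` and `push = group autoupdate-vigil-service-accounts` lines grant direct push on what the commit description names as `refs/heads/*`, so these accounts can write to branches without a change ever passing the Code-Review submit requirement defined further down the file. If the updaters only need to upload changes and land them once approved, the grant could sit under the review ref instead, e.g. `[access "refs/for/refs/heads/*"]` with `push = group autoupdate-service-accounts`, leaving the added `submit` lines as they are. If direct push is intended, a `#` comment above the two lines stating why would help later access audits. The access section header lies above the hunk, so the ref pattern here is taken from the description rather than from visible lines.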
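Review bot: `viewAllAccounts` is a server-wide capability that overrides the account-visibility setting, and the three added lines give it to every autoupdate group, including `autoupdate-onboarding-service-accounts`, which otherwise receives only `Read` in this commit. Neither the hunk nor the description says what the bots need to look up, so it is worth confirming that each group requires it and dropping the grant where it does not. For the grants that stay, a comment such as `# viewAllAccounts: autoupdate bots need account lookup for <reason - fill in>` above the lines would record the justification.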