Update Gerrit permissions for global service users (built at http://cl/899219124) Added permissions: Section [refs/heads/*]: Read: ALLOW: autoupdate-vigil-service-accounts ALLOW: autoupdate-service-accounts ALLOW: autoupdate-onboarding-service-accounts Submit: ALLOW: autoupdate-vigil-service-accounts ALLOW: autoupdate-service-accounts Push: ALLOW: autoupdate-vigil-service-accounts ALLOW: autoupdate-service-accounts Section [GLOBAL_CAPABILITIES]: viewAllAccounts: ALLOW: autoupdate-vigil-service-accounts ALLOW: autoupdate-service-accounts ALLOW: autoupdate-onboarding-service-accounts
diff --git a/groups b/groups
index 8ec94b6..470653e 100644
--- a/groups
+++ b/groups
@@ -1,7 +1,10 @@
 # UUID Group Name
 #
+26b94d2e16a3d82e64c27e49a132e30c2132dce0 autoupdate-service-accounts
+586ba19649fa63d86bfa12f0f42de313a14dd5b8 autoupdate-onboarding-service-accounts
 63bde87f7337c8c48cb5732bd1023efd147cecd8 SLSA Policy Verification Service Accounts
 b15c340aa80bbf6266d54fe50c6c804b658bef3b treehugger-robot
+cb21984e218be25d31f220c8d6e159582d188e62 autoupdate-vigil-service-accounts
 global:Anonymous-Users Anonymous Users
 global:Project-Owners Project Owners
 global:Registered-Users Registered Users
diff --git a/project.config b/project.config
index d7193b5..dee50ca 100644
--- a/project.config
+++ b/project.config
@@ -35,11 +35,18 @@
 label-Code-Review = -2..+2 group mdb/hafnium-access
 label-Code-Review = -1..+1 group Registered Users
 push = group Project Owners
+ push = group autoupdate-service-accounts
+ push = group autoupdate-vigil-service-accounts
 push = group mdb/hafnium-admin
 submit = group Project Owners
+ submit = group autoupdate-service-accounts
+ submit = group autoupdate-vigil-service-accounts
 submit = group mdb/hafnium-access
 label-SLSA-Policy-Verified = -1..+1 group SLSA Policy Verification Service Accounts
 Read = group SLSA Policy Verification Service Accounts
+ Read = group autoupdate-onboarding-service-accounts
+ Read = group autoupdate-service-accounts
+ Read = group autoupdate-vigil-service-accounts
 [access "refs/meta/config"]
 exclusiveGroupPermissions = read
 create = group Project Owners
@@ -80,6 +87,9 @@
 [capability]
 administrateServer = group mdb/hafnium-admin
 createAccount = group mdb/gwsq
+ viewAllAccounts = group autoupdate-onboarding-service-accounts
+ viewAllAccounts = group autoupdate-service-accounts
+ viewAllAccounts = group autoupdate-vigil-service-accounts
 viewAllAccounts = group mdb/gwsq
 [submit-requirement "Code-Review"]
 submittableIf = label:Code-Review=MAX AND -label:Code-Review=MIN
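Review bot: The added `push = group autoupdate-service-accounts` and `push = group autoupdate-vigil-service-accounts` lines grant Push on what the commit message names as `refs/heads/*`, and in Gerrit that is a direct push which lands commits without going through review, so the `Code-Review` submit requirement visible further down this file would not gate those accounts. If the bots only need to upload changes, the grant belongs under the review namespace instead, e.g. `push = group autoupdate-service-accounts` inside `[access "refs/for/refs/heads/*"]`, with the `submit` lines kept here. The `[capability]` section in this file suggests it is the All-Projects config, in which case these grants would be inherited by every project unless overridden, so a narrower ref pattern or per-project grant is worth considering. The section header for these lines is outside the hunk.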
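Review bot: `viewAllAccounts` is a server-wide capability that lets its holders see every account regardless of the configured account visibility, and this hunk gives it to all three bot groups, including `autoupdate-onboarding-service-accounts`, which otherwise receives only Read. Unless the onboarding flow needs account lookup, I would drop `viewAllAccounts = group autoupdate-onboarding-service-accounts`. The commit description lists the grants but not the reason each group needs the capability, and one sentence on that would make later access reviews easier.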