Google Git
Sign in
aomedia/All-Projects/eda98512888c015c9628a93f8ed107616f752857^!/.
commit
eda98512888c015c9628a93f8ed107616f752857
[log]
author
Gerrit Code Review <server@googlesource.com>
Tue Apr 21 12:16:18 2026 -0700
committer
Gerrit Code Review <server@googlesource.com>
Tue Apr 21 12:16:18 2026 -0700
tree
beef93a0318b80809ff8f577414b3466bbc09c30
parent
53b808d6964d0c79f0eacab2d79e3d6227f36e11 [diff]
Update Gerrit permissions for global service users (built at http://cl/899219124)

Added permissions:
  Section [refs/heads/*]:
    Read:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
      ALLOW: autoupdate-onboarding-service-accounts
    Submit:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
    Push:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
  Section [GLOBAL_CAPABILITIES]:
    viewAllAccounts:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
      ALLOW: autoupdate-onboarding-service-accounts

diff --git a/groups b/groups
index d24fa86..32f07dc 100644
--- a/groups
+++ b/groups

@@ -1,8 +1,11 @@
 # UUID                                  	Group Name
 #
 00fba069826520dec109eef49f3914dde6f1673f	Blocked Users
+0434ca5e305fcbf2c4ee73ded7bd2a3506596262	autoupdate-service-accounts
 18cf7f27ecb1f1d727d16d5dfeaf019d9b9f5c83	Administrators
+1fb378e0746f1cf06e643ef7cca1c083b77c07b7	autoupdate-vigil-service-accounts
 2d17ca3ba578ebe9e0798efc4ca023f2685f7856	aom-googlers
+449eaac4606e2be1517fc575d7fa40ace7b36008	autoupdate-onboarding-service-accounts
 6aa943a8d1abd393ddcd472d7f0d857acb942d46	aom-interns
 9f26ada1fdf1ae26de801eea0a9a69b37e70a151	aom-committers
 ca5c1c3492e3257adb0dc1b2caeb8a365e3a534f	gerrit-submit-requirements-admins

diff --git a/project.config b/project.config
index 9259d6c..d0d7768 100644
--- a/project.config
+++ b/project.config

@@ -26,17 +26,24 @@
 	forgeCommitter = group Project Owners
 	push = group Administrators
 	push = group Project Owners
+	push = group autoupdate-service-accounts
+	push = group autoupdate-vigil-service-accounts
 	label-Code-Review = -2..+2 group Administrators
 	label-Code-Review = -2..+2 group Project Owners
 	label-Code-Review = -1..+1 group Registered Users
 	label-Code-Review = block -1..+1 group Blocked Users
 	submit = group Administrators
 	submit = group Project Owners
+	submit = group autoupdate-service-accounts
+	submit = group autoupdate-vigil-service-accounts
 	editTopicName = +force group Administrators
 	editTopicName = +force group Project Owners
 	editTopicName = +force group Registered Users
 	label-SLSA-Policy-Verified = -1..+1 group SLSA Policy Verification Service Accounts
 	Read = group SLSA Policy Verification Service Accounts
+	Read = group autoupdate-onboarding-service-accounts
+	Read = group autoupdate-service-accounts
+	Read = group autoupdate-vigil-service-accounts
 [access "refs/meta/config"]
 	exclusiveGroupPermissions = read
 	read = group Administrators
@@ -88,6 +95,9 @@
 [capability]
 	administrateServer = group Administrators
 	createAccount = group mdb/gwsq
+	viewAllAccounts = group autoupdate-onboarding-service-accounts
+	viewAllAccounts = group autoupdate-service-accounts
+	viewAllAccounts = group autoupdate-vigil-service-accounts
 [submit-requirement "Code-Review"]
 	description = At least one maximum vote for label 'Code-Review' is required
 	submittableIf = label:Code-Review=MAX,user=non_uploader AND -label:Code-Review=MIN