This 'dlp' directory contains prototype broker filter scripts to make P4D more secure and suitable for multi-tenant silo operation. In this mode, different users and groups working on the server (tenants) shouldn't know that the other users/groups exist, and shouldn't be able to easily learn what they are doing.
Behavior changes from stock p4d:
The following commands require super access:
The following commands to list specs are rewritten so the last args are always '-u <you>', so you can list only your own specs.
The following scripts support this:
# Data Leakage Protection (DLP) This 'dlp' directory contains prototype broker filter scripts to make P4D more secure and suitable for multi-tenant silo operation. In this mode, different users and groups working on the server (tenants) shouldn't know that the other users/groups exist, and shouldn't be able to easily learn what they are doing. ## DLP Behaviors Behavior changes from stock p4d: ### Must Be Super The following commands require super access: - p4 groups - p4 users ### Stay In Your Lane The following commands to list specs are rewritten so the last args are always '-u <you>', so you can list only your own specs. - p4 branches - p4 clients - p4 labels - p4 remotes - p4 workspaces ### Must Be Owener * The following commands to edit/output a spec only allow it if you own it. - p4 branch - p4 client - p4 label - p4 remote - p4 user - p4 workspace # DLP Files The following scripts support this: * broker_imply-u.pl * broker_must_be_super.pl * broker_must_be_owner.pl # To Do * Think about what to do with 'p4 job' and 'p4 jobs'. * Think about what to do with 'p4 fix' and 'p4 fixes'. * Think about what to do with 'p4 repos'.
# | Change | User | Description | Committed | |
---|---|---|---|---|---|
#6 | 29182 | C. Thomas Tyler |
Moved HMS files from /p4/common/bin -> /p4/common/site/bin. Moved HMS files from /p4/common/lib -> /p4/common/site/lib. Removed dependency on SDP libs so that HMS can be deployed with a wider variety of SDP versions. |
||
#5 | 27767 | C. Thomas Tyler | Fixed doc typo. | ||
#4 | 26531 | C. Thomas Tyler |
Fixed doc typo with a missing end paren ')'. Tweaked to clarify that 'p4 workspace[s]' commands are built-in aliases for 'p4 client[s]'. |
||
#3 | 25979 | C. Thomas Tyler | Changed URLs to reference 'main' rather than 'dev' branch in ReadMe.md. | ||
#2 | 25978 | C. Thomas Tyler | Updated ReadMe.md. | ||
#1 | 25975 | C. Thomas Tyler | Added first cut of DLP as optional component of HMS. |