Google Git
Sign in
boringssl/All-Projects/842e0a280c2d31665ec5a504d71e0d1f02c934b1^!/.
commit
842e0a280c2d31665ec5a504d71e0d1f02c934b1
[log]
author
Gerrit Code Review <server@googlesource.com>
Tue Apr 21 12:23:58 2026 -0700
committer
Gerrit Code Review <server@googlesource.com>
Tue Apr 21 12:23:58 2026 -0700
tree
27e463b1a9a046897d519151896ceb4aa28c8c34
parent
b1aed5051eb3131944e2235951c3cb68c51c9f2b [diff]
Update Gerrit permissions for global service users (built at http://cl/899219124)

Added permissions:
  Section [refs/heads/*]:
    Read:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
      ALLOW: autoupdate-onboarding-service-accounts
    Submit:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
    Push:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
  Section [GLOBAL_CAPABILITIES]:
    viewAllAccounts:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
      ALLOW: autoupdate-onboarding-service-accounts

diff --git a/groups b/groups
index 359c0ef..f21d325 100644
--- a/groups
+++ b/groups

@@ -1,10 +1,13 @@
 # UUID                                                        	Group Name
 #
 094bcdc20bed08f854626c8fa8c2640ddfbb2189                      	Bazel robots
+32dc0a5de0987fd09b2299a1e8914fafa9e8fa62                      	autoupdate-service-accounts
 49862cc17c5a9ed82e97bf52ae4d03412f1ea6c4                      	bot-commit-grandfathered-bots
+51971dc55c9364f8a51edddd59b7647643de04d7                      	autoupdate-vigil-service-accounts
 60bfe3d68703783fe3b26c6cf94de7e6935771f7                      	bot-commit-bots
 64f36e423f1c655f470e3ebe90381a82d074f5d7                      	unused
 989194ee74bd1447cd9e0a342a340beb70614366                      	dev
+9b6a721467b835206f1b3aa4cc7fe85c9350f293                      	autoupdate-onboarding-service-accounts
 b82508da9de0fe9b1267567707c1152eaeadc0a6                      	unused2
 c858fde81af761c6cd3b79c6eb7922a5d57b609c                      	boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com
 cria:project-boringssl-committers                             	cria/project-boringssl-committers

diff --git a/project.config b/project.config
index c73bdc2..16c20f1 100644
--- a/project.config
+++ b/project.config

@@ -29,6 +29,8 @@
 	forgeCommitter = group Project Owners
 	forgeCommitter = group cria/project-boringssl-committers
 	push = group Project Owners
+	push = group autoupdate-service-accounts
+	push = group autoupdate-vigil-service-accounts
 	push = group cria/project-boringssl-committers
 	label-Code-Review = -2..+2 group Project Owners
 	label-Code-Review = -2..+2 group cria/project-boringssl-committers
@@ -41,10 +43,12 @@
 	label-Presubmit-BoringSSL-Verified = -1..+1 group Project Owners
 	label-Presubmit-BoringSSL-Verified = -1..+1 group boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com
 	submit = group Project Owners
-	submit = group boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com
-	submit = group cria/project-boringssl-committers
+	submit = group autoupdate-service-accounts
+	submit = group autoupdate-vigil-service-accounts
 	editTopicName = +force group Project Owners
 	editTopicName = +force group cria/project-boringssl-committers
+	submit = group boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com
+	submit = group cria/project-boringssl-committers
 	submit = group unused2
 	labelas-commit-queue = +0..+2 group unused2
 	label-Auto-Submit = +0..+1 group Change Owner
@@ -52,6 +56,9 @@
 	label-Owners-Override = +0..+1 group mdb/chrome-git-admins
 	label-SLSA-Policy-Verified = -1..+1 group SLSA Policy Verification Service Accounts
 	Read = group SLSA Policy Verification Service Accounts
+	Read = group autoupdate-onboarding-service-accounts
+	Read = group autoupdate-service-accounts
+	Read = group autoupdate-vigil-service-accounts
 	removeReviewer = group mdb/gwsq
 [access "refs/meta/config"]
 	exclusiveGroupPermissions = read
@@ -152,6 +159,9 @@
 	administrateServer = group mdb/chrome-git-admins
 	createAccount = group mdb/gwsq
 	runAs = group mdb/gerrit-flows
+	viewAllAccounts = group autoupdate-onboarding-service-accounts
+	viewAllAccounts = group autoupdate-service-accounts
+	viewAllAccounts = group autoupdate-vigil-service-accounts
 	viewAllAccounts = group boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com
 	viewAllAccounts = group mdb/gerrit-flows
 	viewAllAccounts = group mdb/gwsq