# The form data below was edited by tom_tyler
# Perforce Workshop Jobs
#
# Job: The job name. 'new' generates a sequenced job number.
#
# Status: Job status; required field. There is no enforced or
# promoted workflow for transition of jobs from one
# status to another, just a set of job status values
# for users to apply as they see fit. Possible values:
#
# open - Issue is available to be worked on.
#
# inprogress - Active development is in progress.
#
# blocked - Issue cannot be implemented for some reason.
#
# fixed - Fixed, optional status to use before closed.
#
# closed - Issue has been dealt with definitively.
#
# punted - Decision made not to address the issue,
# possibly not ever.
#
# suspended - Decision made not to address the issue
# in the immediate future, but noting that it may
# have some merit and may be revisited later.
#
# duplicate - Duplicate of another issue that.
#
# obsolete - The need behind the request has become
# overcome by events.
#
# Project: The project this job is for. Required.
#
# Severity: [A/B/C] (A is highest) Required.
#
# ReportedBy The user who created the job. Can be changed.
#
# ReportedDate: The date the job was created. Automatic.
#
# ModifiedBy: The user who last modified this job. Automatic.
#
# ModifiedDate: The date this job was last modified. Automatic.
#
# OwnedBy: The owner, responsible for doing the job. Optional.
#
# Description: Description of the job. Required.
#
# DevNotes: Developer's comments. Optional. Can be used to
# explain a status, e.g. for blocked, punted,
# obsolete or duplicate jobs.
#
# Component: Projects may use this optional field to indicate
# which component of the project a givenjob is associated
# with.
#
# For the SDP, the list of components is defined in:
# //guest/perforce_software/sdp/tools/components.txt
#
# Type: Type of job [Bug/Feature]. Required.
Job: SDP-283
Status: open
Project: perforce-software-sdp
Severity: C
ReportedBy: cgeen
ReportedDate: 2017/12/13 12:47:18
ModifiedBy: tom_tyler
ModifiedDate: 2017/12/13 12:47:18
OwnedBy: tom_tyler
Description:
Enable filtered replica/edge with no need for local super user.
Implement a security model for use on filtered edge/replica sites
where no standard super user need be logged in (either with a
passsword or ticket file) for any operation, such as checkpoint
and recovery operations.
Only the ticket for the service-type account, which has 'super'
access but cannot run 'p4 protect', can exist on this type of
replica.
This model should document how the Protections should be
configured such that the replication service user is kept
in sync with the ArchiveDataFilter: of the server spec, so
that it is limited. Further Protections table entries will
restrict things such that standard super users accounts can
only access Peforce from 127.0.0.1 on a master server or
from the IP of known HA/DR *unfiltered* replicas.
Enable and document this mode of secure operation.
Component: core-unix
Type: Feature