Access levels required by Helix server commands

The following table lists the minimum access level required to run each command. For example, because p4 add requires at least open access, you can run p4 add if you have open, write, admin, or super access. (See p4 protect)

Command	Access Level	Notes
`add`	`open`
`admin`	`super`	An operator with `admin` can use all options except `updatespecdepot`, `resetpassword`, and `end-journal` A user with super can use all options
`annotate`	`read`
`archive`	`admin`
`attribute`	`write`	The `-f` flag to set the attributes of submitted files requires `admin` access.
`branch`	`open`	The `-f` flag to override existing metadata or other users' data requires `admin` access.
`branches`	`list`
`cachepurge`	`super`
`change`	`open`	The `-o` flag (display a change on standard output) requires only `list` access. The `-f` flag to override existing metadata or other users' data requires `admin` access.
`changes`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
`clean`	`read`
`client`	`list`	The `-f` flag to override existing metadata or other users' data requires `admin` access.
`clients`	`list`
`clone`	`read`	On the remote server.
`configure`	`super`
`copy`	`list`	list access to the source files; `open` access to the destination files.
`counter`	`review`	list access to at least one file in any depot is required to view an existing counter’s value; `review` access is required to change a counter’s value or create a new counter.
`counters`	`list`
`cstat`	`list`
`dbschema`	`super`
`dbstat`	`super`
`dbverify`	`super`
`delete`	`open`
`depot`	`super`	The `-o` flag to this command, which allows the form to be read but not edited, requires only `list` access.
`depots`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
`describe`	`read`	The `-s` flag to this command, which does not display file content, requires only `list` access.
`diff`	`read`
`diff2`	`read`
`dirs`	`list`
`diskspace`	`super`
`edit`	`open`
`export`	`super`
`extension`	`super`	The super user can delegate some permissions to admins and users.
`fetch`	`admin`
`filelog`	`list`
`files`	`list`
`fix`	`open`
`fixes`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
`flush`	`list`
`fstat`	`list`
`grep`	`read`
`group`	`super`	The `-o` flag to this command, which allows the form to be read but not edited, requires only `list` access. The `-a` flag to this command requires only `list` access, provided that the user is also listed as a group owner. The `-A` flag requires `admin` access.
`groups`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
`have`	`list`
`help`	`none`
`ignores`	`N/A`
`info`	`none`
`init`	`N/A`
`integrate`	`open`	The user must have `open` access on the target files and `read` access on the source files.
`integrated`	`list`
`interchanges`	`list`
`istat`	`list`
`job`	`open`	The `-o` flag to this command, which allows the form to be read but not edited, requires only `list` access. The `-f` flag to override existing metadata or other users' data requires `admin` access.
`jobs`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
`jobspec`	`admin`	The `-o` flag to this command, which allows the form to be read but not edited, requires only `list` access.
`journalcopy`	`super`
`journaldbchecksums`	`super`
`journals`	super
`key`	`review`	list access to at least one file in any depot is required to view an existing key’s value; `review` access is required to change a key’s value or create a new key.
`key`	`list`	admin access is required if the `dm.keys.hide` configurable is set to `2`.
`keys`	`list`	admin access is required if the `dm.keys.hide` configurable is set to `1` or `2`.
`label`	`open`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot. The `-f` flag to override existing metadata or other users' data requires `admin` access.
`labels`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
`labelsync`	`open`
`ldap`	`super`
`ldaps`	`super`
`ldapsync`	`super`
`license`	`super`	The `-u` flag, which displays license usage, requires only `admin` access.
`list`	`open`
`lock`	`write`
`lockstat`	`super`
`logappend`	`list`
`logger`	`review`
`login`	`list`
`logout`	`list`
`logparse`	`super`
`logrotate`	`super`
`logschema`	`super`
`logstat`	`super`
`logtail`	`super`
`merge`	`open`
`monitor`	`list`	super access is required to terminate or clear processes, or to view arguments.
`move`	`open`
`obliterate`	`admin`
`opened`	`list`
`passwd`	`list`
`ping`	`admin`
`populate`	`open`
`print`	`read`
`property`	`list, admin`	list to read, `admin` to add/delete new properties, or show a property setting and sequence number for all users and groups.
`protect`	`super`
`protects`	`list`	super access is required to use the `-a`, `-g`, and `-u` flags.
`proxy`	`none`	Must be connected to a Helix Proxy.
`prune`	`write`	For stream owner.
`pull`	`super`
`push`	read or write	read on the local server or `write` on the remote server.
`reconcile`	`open`
`reload`	`open`	admin access is required to use `p4 reload -f` to reload other users' workspaces and labels.
`remote`	open or `list` or admin	open or `list` to use the `-o` option or `admin` to use the `-f` option.
`remotes`	`list`
`rename`	read or write	read for `fromFile` or `write` for `toFile`.
`renameuser`	`super`
`reopen`	`open`
`replicate`	`super`
`resolve`	`open`
`resolved`	`open`
`restore`	`admin`
`resubmit`	write or admin	write or `admin` for `-i` option.
`revert`	`list`
`review`	`review`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
`reviews`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
`server`	`super`
`serverid`	`list`	super access is required to set the server ID.
`servers`	`list`
`set`	`none`
`shelve`	`open`	admin access is required to forcibly delete shelved files with p4 shelve -f -d
`sizes`	`list`
`status`	`open`
`stream`	`open`
`streams`	`list`
`streamspec`	`admin`
`submit`	`write`
`switch`	open or `list` or write	open to use the `-c` or `-r` options, or `list` to use the `-L`, or `write` for default switching.
`sync`	`read`
`tag`	`list`
`tickets`	`none`
`triggers`	`super`
`trust`	`none`
`typemap`	`admin`	The `-o` flag to this command, which allows the form to be read but not edited, requires only `list` access.
`unload`	`open`	admin access is required to use `p4 unload -f` to unload other users' workspaces and labels.
`unlock`	`open`	The `-f` flag to override existing metadata or other users' data requires `admin` access.
`unshelve`	`open`
`unsubmit`	`admin`
`unzip`	`admin`
`update`	`list`
`user`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot. The `-f` flag (which is used to create or edit users) requires `super` access.
`users`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot. If the `run.users.authorize` configurable is set to 1, you must also authenticate yourself to the server before you can run `p4 users`.
`verify`	`admin`
`where`	`list`	This command doesn’t operate on specific files. Permission is granted to run the command if the user has the specified access to at least one file in any depot.
`workspace`	`list`
`workspaces`	`list`
`zip`	`super`

Commands that list files, such as p4 describe, list only those files to which the user has at least list access.

Some commands (for example, p4 change, when you edit a previously submitted changelist) take a -f flag that can only be used by Helix server superusers. See Forcing operations with the -f flag for details.

For additional details, see p4 protect in Helix Core Command-Line (P4) Reference.