Actually, I can assign to the TF roles the SCM privileges Admin, Delete/View, Commit/View and View Only.
This is not sufficient for a role based development with big project teams.
Some users need the right to import/update from 3rd party repositories; not all users shall have the right to accept (merge) a Gerrit review; a Jenkins user shall Verify but not Accept.

We need to distinguish between user types:

Contributor:
-------------
Create a pull request
Create a remote branch inside the repository
Create Code review (push to refs/for)
push commits on an unprotected branch
merge to an unprotected branch.
rebase on an unprotected branch.
Delete a remote unprotected branch inside the repository
Perform Code review (vote -2,0,+2 resp -1,0,+1)
Abandon own code review

Integrator (add-on to Contributor):
--------------------------------------
merge to a protected branch.
rewrite history of an unprotected branch

SCM manager (Arbitrator)
-----------------------------
push commits on a protected branch
rebase on a protected branch.
rewrite history of a protected branch
Delete a protected remote branch inside the repository
Abandon other one's code review

Verifier (Continuous integration)
-----------------------------------
Perform Code review (vote -1,0,+1)


Change request:
==========
Extend the SCM privileges Admin, Delete/View, Commit/View and View Only
by
Integrate/View
Arbitrate/View
Verify/View
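
For comparison, the role split requested above can be written as access rules in a Gerrit `project.config`. This is an added example, not part of the original request and not TeamForge configuration. The group names, the choice of `refs/heads/master` and `refs/heads/release/*` as the protected branches, the existence of a `Verified` label in the project, and Integrators and SCM-Managers also being members of Contributors are all assumptions.

```ini
# Added example (assumed group names and branch layout, see lead-in).

[access "refs/for/refs/heads/*"]
	# Contributor: create a code review (push to refs/for)
	push = group Contributors

[access "refs/heads/*"]
	# Default rules: these apply to unprotected branches
	create = group Contributors
	push = group Contributors
	submit = group Contributors
	delete = group Contributors
	label-Code-Review = -2..+2 group Contributors
	# Integrator add-on: rewrite history of an unprotected branch
	push = +force group Integrators
	# Verifier: the CI account may only vote on Verified, it gets no
	# Code-Review range and no submit, so it can verify but not accept
	label-Verified = -1..+1 group CI-Verifiers
	# SCM manager: abandon another user's review
	# (change owners can always abandon their own)
	abandon = group SCM-Managers

[access "refs/heads/master"]
	# Protected branch: permissions listed as exclusive ignore the
	# broader grants from refs/heads/* above
	exclusiveGroupPermissions = create delete push submit
	# Integrator: merge (submit) an approved review to a protected branch
	submit = group Integrators
	# SCM manager: direct push, history rewrite and branch deletion
	push = +force group SCM-Managers
	delete = group SCM-Managers

[access "refs/heads/release/*"]
	# Same protection for release branches
	exclusiveGroupPermissions = create delete push submit
	submit = group Integrators
	create = group SCM-Managers
	push = +force group SCM-Managers
	delete = group SCM-Managers
```

Without `exclusiveGroupPermissions`, Gerrit adds the grants from `refs/heads/*` to those of the more specific sections, so Contributors would keep push, submit and delete on the protected branches.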
