Update Gerrit permissions for global service users (built at http://cl/899219124) Added permissions: Section [refs/heads/*]: Read: ALLOW: autoupdate-vigil-service-accounts ALLOW: autoupdate-service-accounts ALLOW: autoupdate-onboarding-service-accounts Submit: ALLOW: autoupdate-vigil-service-accounts ALLOW: autoupdate-service-accounts Push: ALLOW: autoupdate-vigil-service-accounts ALLOW: autoupdate-service-accounts Section [GLOBAL_CAPABILITIES]: viewAllAccounts: ALLOW: autoupdate-vigil-service-accounts ALLOW: autoupdate-service-accounts ALLOW: autoupdate-onboarding-service-accounts

diff --git a/groups b/groups
index 1fbdb93..ad89e47 100644
--- a/groups
+++ b/groups

@@ -1,8 +1,11 @@
 # UUID                                  	Group Name
 #
+32fe1fed61a4c318332648200484f9fb729366c6	autoupdate-vigil-service-accounts
 63e39719427665e83e03530767546a82273651f9	akaros-git-pusher
 71195434036f4569dce12d9e815b7af1f8f26256	Akaros-CLA-Accepted
 9d043ebeaea0b6c0ecb3213bd6df5fa8f4a52ded	SLSA Policy Verification Service Accounts
+9e593e5b8acfcde83fcadc5cc9911f4fcdddad46	autoupdate-service-accounts
+ded1934b7da907682adb10f65a7c361eb3858436	autoupdate-onboarding-service-accounts
 global:Anonymous-Users                  	Anonymous Users
 global:Project-Owners                   	Project Owners
 global:Registered-Users                 	Registered Users

diff --git a/project.config b/project.config
index e8254b7..04523da 100644
--- a/project.config
+++ b/project.config

@@ -26,17 +26,24 @@
 	push = deny group mdb/akaros
 	push = group Project Owners
 	push = +force group akaros-git-pusher
+	push = group autoupdate-service-accounts
+	push = group autoupdate-vigil-service-accounts
 	label-Code-Review = -2..+2 group Project Owners
 	label-Code-Review = -2..+2 group mdb/akaros
 	label-Code-Review = -1..+1 group Registered Users
 	submit = deny group Project Owners
 	submit = deny group mdb/akaros
+	submit = group autoupdate-service-accounts
+	submit = group autoupdate-vigil-service-accounts
 	submit = group mdb/gerritcodereview
 	editTopicName = +force group Project Owners
 	editTopicName = +force group mdb/akaros
 	pushMerge = group akaros-git-pusher
 	label-SLSA-Policy-Verified = -1..+1 group SLSA Policy Verification Service Accounts
 	Read = group SLSA Policy Verification Service Accounts
+	Read = group autoupdate-onboarding-service-accounts
+	Read = group autoupdate-service-accounts
+	Read = group autoupdate-vigil-service-accounts
 [access "refs/meta/config"]
 	exclusiveGroupPermissions = read
 	read = group Project Owners
@@ -72,6 +79,9 @@
 	accepted = group Akaros-CLA-Accepted
 [capability]
 	administrateServer = group mdb/akaros
+	viewAllAccounts = group autoupdate-onboarding-service-accounts
+	viewAllAccounts = group autoupdate-service-accounts
+	viewAllAccounts = group autoupdate-vigil-service-accounts
 [notify "team"]
 	header = cc
 	email = akaros-reviews@google.com