Page MenuHomePhabricator
Create Task
Maniphest T289258

Requesting access to restricted and analytics-privatedata-users for Kate Levan
Closed, ResolvedPublicRequest
Actions

Description

  • Wikitech username: KateLevan
  • Preferred shell username: katelevan
  • Email address: klevan at wikimedia.org
  • SSH Key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYnzDYxs+7rtPRYDOVjat2U2KMgaghAxNpDLTfEKBL9q18GxgYd+jh7lw03a003uG52AgXK28llh72M2Kyobqg5ltcTiXyqMOPtLGLgMz7s8h0unc6NvaVCr+udG5PWaAv6Dm8B5Alc3Vu7bFnncrGSOG9ivUrm+2XCMobFi567SGSK9HDWgkxrCNv7zoqRr+XUfT5vf66SH7OP+qSVR419NytjFmzOVj/B8Sy4SrNPL6BwakH9qGwGUKiyEl+X309K42uoJsQDC8DTuQbSVjgecpcXlxtsxRVywtSfjct9NszzM2RWX0DpvhiG4c3u+BRXbSXi5OZZ8r6/z91cKvynvRWX0Z3PXDGQ17Expl5dHVGbWBXd0sNfKAk2bKdUMzoGBMZiRlvhJYEX+SWHfFtwUUkCkdZDQratjT8bEv1d/QIMMTatVs9YWK0Q+mrPRTrA2W1mO3foNm8ZWXXtgR83Uo92grcoF8JqL+kQwNEdYX9bZRMA5YA85ZZNsZNGJaa/MSBY0RRc7rgoIc5xzkxL+JqevkDUzVaYXccD70XGczbUzfWQhOI00XTfl6GTpaIC3URmMu960D+4Vgnp8KisE9onOQ46khLM8coaKN+hFwvodJNfhoQy4El9APP8D2VYH1Ey3hhvZ4SG8VNeFUIsQZVnSDBHrJdssWgq4CA0Q== .
  • Requested group membership: ‘restricted’ and ‘analytics-privatedata-users’

I'd like to request membership for @KLevan to the ‘restricted’ and ‘analytics-privatedata-users’ group. The Trust and Safety team has a number of workflows requiring shell access and private analytics logs (hadoop). She is a member of the T&S team and requires those accesses for her regular work. Specifically some of the workflows she needs to be able to do (and needs this access for):

  • Run maintenance scripts (mwmaint servers) to:
    • To add or reset user email addresses when locked out of their account (again after identity verification)
    • To permanently remove illegal images from the servers
  • Lookup private information such as user email addresses for legal or T&S investigations (such as urgent threats of harm or court orders).
  • Query webserver logs for private information such as IPs which have viewed certain pages (usually court orders)

KLevan has already signed L3. @NNair is KLevan’s people manager. Naha, could you confirm/approve this request by commenting here?

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key.
  • - access request has sign off of WMF manager
  • - access request has sign off of group approver for 'restricted' T289258#7296725
  • - access request has sign off of group approver for 'analytics-privatedata-users'
  • - Patchset for access request

Details

SubjectRepoBranchLines +/-
admin: add katelevanoperations/puppetproduction+14 -2
Customize query in gerrit

Event Timeline

Nahid created this task.Aug 19 2021, 1:28 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 19 2021, 1:28 PM
NNair added a comment.Aug 19 2021, 1:32 PM

This is approved for Kate.

-Neha

Nahid added a project: Trust-and-Safety.Aug 19 2021, 1:40 PM
KLevan updated the task description. (Show Details)Aug 19 2021, 1:40 PM
Nahid updated the task description. (Show Details)Aug 19 2021, 1:42 PM
Maintenance_bot added a project: SRE.Aug 19 2021, 1:45 PM
RobH moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.Aug 19 2021, 2:58 PM
RobH added subscribers: odimitrijevic, thcipriani, RobH.

@odimitrijevic,

This is one of three current requests to add a new wmf employee to both ‘restricted’ and ‘analytics-privatedata-users’. As the director of Analytics, we'd like your approval (or defer approval to someone in your team) to add this user to ‘analytics-privatedata-users’. Please comment with your approval or other information.

@thcipriani,

This is one of three current requests to add a new wmf employee to both ‘restricted’ and ‘analytics-privatedata-users’. As the manager of Release Engineering, we'd like your approval (or defer approval to someone in your team) to add this user to ‘restricted’. Please comment with your approval or other information.

RobH added a comment.Aug 19 2021, 3:00 PM
This comment was removed by RobH.
thcipriani added a comment.Aug 20 2021, 12:21 AM
In T289258#7295002, @RobH wrote:

@thcipriani,

This is one of three current requests to add a new wmf employee to both ‘restricted’ and ‘analytics-privatedata-users’. As the manager of Release Engineering, we'd like your approval (or defer approval to someone in your team) to add this user to ‘restricted’. Please comment with your approval or other information.

Maintenance scripts use-case makes sense, approved!

RobH assigned this task to odimitrijevic.EditedAug 20 2021, 4:38 PM
In T289258#7295002, @RobH wrote:

@odimitrijevic,

This is one of three current requests to add a new wmf employee to both ‘restricted’ and ‘analytics-privatedata-users’. As the director of Analytics, we'd like your approval (or defer approval to someone in your team) to add this user to ‘analytics-privatedata-users’. Please comment with your approval or other information.

@odimitrijevic, This is just pending your approval so I've assigned it to you to ensure visibility. Please comment and if approved, just remove yourself (so it is unassigned) and it'll be picked up by myself (if this week) or by SRE clinic duty next week. Thanks!

RobH updated the task description. (Show Details)Aug 20 2021, 4:40 PM
RobH updated the task description. (Show Details)
RobH unsubscribed.Aug 20 2021, 9:43 PM
jcrespo triaged this task as High priority.Aug 26 2021, 1:58 PM
odimitrijevic added a comment.Aug 31 2021, 6:03 PM

Approved.

gerritbot added a comment.Sep 2 2021, 6:55 AM

Change 716207 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/puppet@production] admin: add katelevan

https://gerrit.wikimedia.org/r/716207

gerritbot added a project: Patch-For-Review.Sep 2 2021, 6:55 AM
gerritbot added a comment.Sep 2 2021, 8:57 AM

Change 716207 merged by Filippo Giunchedi:

[operations/puppet@production] admin: add katelevan

https://gerrit.wikimedia.org/r/716207

fgiunchedi subscribed.Sep 2 2021, 9:03 AM

@KLevan access has been set up, please confirm the following:

  • SSH access is working
  • the kerberos initial password (sent via email) has been changed

thank you!

fgiunchedi reassigned this task from odimitrijevic to KLevan.Sep 2 2021, 9:07 AM
fgiunchedi moved this task from Manager/NDA Approval/Confirmation to Awaiting User Input on the SRE-Access-Requests board.
Maintenance_bot removed a project: Patch-For-Review.Sep 2 2021, 9:10 AM
KLevan added a comment.Sep 7 2021, 11:16 AM

With Nahid's help we have set up the Kerberos password and everything is working fine. Thank you all for your work.

fgiunchedi closed this task as Resolved.Sep 7 2021, 11:46 AM
fgiunchedi updated the task description. (Show Details)

Great to hear @KLevan ! Resolving

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL