@chasemp Yes, there are only 2 options, we prefer to delegate access to the needed domains, so that would need a specific list of sites and can't be just "all".
If that is not possible we have to share the noc@ account password. For that let me copy/paste the warning message from the relevant password file on iron:
Google account for Google Webmaster Tools Make sure you know what you're doing when using Google Webmaster Tools. In order to have individual accountability, *delegate* Google Webmaster Tools access from the email@example.com Google Webmaster Tools console to an @wikimedia.org Google Apps account, the person behind which is a WMF employee or agent under NDA. Use that delegated account to take Google Webmaster Tools actions on sites defined under the firstname.lastname@example.org Google Webmaster Tools profile. Define sites using the email@example.com account, but use the delegated account for taking other actions on the actual sites. Only WMF employees or those with an NDA may be delegated Google Webmaster Tools access from the firstname.lastname@example.org Google Webmaster Tools console. If you believe your account delegated Google Webmaster Tools access has been breached, contact ops immediately to have delegation revoked while you restore your access. Similar logic applies to a computer breach involving a computer that you use to login to @wikimedia.org Google Apps. # !!! DO NOT TURN ON 2-FACTOR AUTHENTICATION !!! # !!! You may be prompted for a phone number for # !!! an SMS as an anti-bruteforcing control, # !!! and it's fine to use your own number there, # !!! but do NOT turn on 2-factor authentication # !!! if prompted with the option subsequently. # !!! In case the account is inaccessible, # !!! reach out to core ops to engage with # !!! office IT for a password change. # !!! Then set a strong random password and # !!! document it here. The Mac utility Keychain # !!! at max length with FIPS strength suffices.
Separately there is also an issue that we reached the Google limit of 1000 sites. We can't add any new ones currently.
I sent an email to most of the Search folks about decoupling this process from Ops access request process. Specifically, adding restricted users who need RO access to the data. Is this something you guys have time to discuss?