Create phabricator space for tickets with legal restrictions
Closed, Resolved · Public

Description

It is not infrequent that we have to hold on to some data due to legal purposes (a legal hold); there are tasks (and in some cases coding) that are associated with this type of work.

Normally the purpose of the hold is confidential, and in order to be able to manage such tasks we will benefit from a "space" in Phabricator similar to the one we use for hardware requests, restricted just to ops/analytics and legal.

Could one of the admins create such a space for us?

Thanks

Nuria created this task. Aug 31 2017, 1:58 PM
Restricted Application added a subscriber: Aklapper. Aug 31 2017, 1:58 PM
Nuria assigned this task to Aklapper. Aug 31 2017, 1:59 PM
Nuria removed a project: Analytics-Kanban.
Nuria moved this task from Incoming to Radar on the Analytics board. Aug 31 2017, 3:59 PM
Aklapper removed Aklapper as the assignee of this task. Sep 4 2017, 12:08 PM
Aklapper added a project: Phabricator.

See https://www.mediawiki.org/wiki/Phabricator/Creating_and_renaming_projects#Requesting_a_Space for required information, e.g. who exactly should be able to access such tickets. Is putting such tickets under WMF-NDA not already sufficient?

Nuria added a comment. Sep 6 2017, 6:20 PM

NDA holders is quite a different set of permits. It is mostly geared towards research collaborators' access to data, so actually there are quite a few external parties that have access to data that should not have access to issues of a legal nature (like data retained due to a lawsuit). Makes sense?

The argumentation makes sense I guess, I'm just not sure if it's technically possible what you have in mind. :)

similar to the one we use for hardware requests restricted just to ops/analytics and legal.

Do you refer to S4 or S6 here? We have #acl*operations-team and #acl*procurement-review projects for access control in place, but I'm not aware of ACL projects for Legal or Analytics. Yet. And who should be members of these projects and "decide" on and maintain membership in them?

Also, please see the link in T174675#3577182 for required information (name of the Spaces, who can access the Space, etc.)

Nuria added a comment. Sep 6 2017, 7:20 PM

I guess I was thinking of S4, as it is the only other space I see when I go to https://phabricator.wikimedia.org/spaces/. I am not sure what ACL here refers to; I imagine it is this: https://phabricator.wikimedia.org/project/profile/29/, thus the new space should include ops engineers and analytics engineers. Seems like we would need to create a new "acl-analytics" group for that, also some members of the legal team like @ZhouZ

mmodell added a subscriber: mmodell. Sep 6 2017, 7:50 PM

Ideally we'd designate one or two people who will decide on the membership of the acl group. Then we delegate control to them so that phabricator admins don't have to intervene every time there is a change to the list of people who can access the space.

So if I get it right:

  • Create some #acl* project for Analytics folks (only used for access control and not for any tasks)
  • Add one or two Analytics folks (who?) to that #acl* project and let them add more people if needed
  • Set up a Space (TODO: please provide a name and description) that can be accessed by members of both #acl*operations-team and that #acl* analytics project only

Thanks. Also, Legal might also want to create a separate Legal space in addition to the one with Analytics folks

This is blocked on

  • Add one or two Analytics folks (who?)

Someone please answer.

Thanks. Also, Legal might also want to create a separate Legal space in addition to the one with Analytics folks

Please file a separate task for that Space if that Space is wanted. Thanks.

Aklapper changed the task status from Open to Stalled. Nov 15 2017, 5:29 PM

The space should include the following members: members of analytics team @mforns @Ottomata @Milimetric @JAllemandou @elukey @fdans plus @Nuria plus CTO: @VColeman plus all members of ops team.

I am happy to administer it and grant access to whoever proceeds in legal, probably @APalmer_WMF

Nuria added a comment. Dec 11 2017, 9:08 PM

We could use this one @Aklapper for upcoming work with NSA lawsuit, could we get it done? (cc @Ottomata)

Aklapper claimed this task. Dec 11 2017, 9:34 PM
Aklapper changed the task status from Stalled to Open.
Aklapper triaged this task as Normal priority.
Tbayer added a subscriber: Tbayer. Dec 11 2017, 9:49 PM

@Nuria
Do you want me to be added to the space or to make sure the ACL gets set up? Thanks!

Nuria added a comment. Dec 12 2017, 3:05 AM

Both actually, I think we could use this space to organize many upcoming tasks

Nuria added a comment. Dec 12 2017, 3:06 AM

But I think @Aklapper will get to it now that the ticket is not in "blocked" (I think I should have changed that earlier and I forgot)

As per T174675#3577182: Could someone please provide a description of that Space, and a name for that Space?
Also, I assume that the existing public WMF-Legal project would be used in addition for tasks, as Spaces have no workboard themselves? (Space members can see those tasks in the Space on that WMF-Legal workboard while non-Space members could not.) Or is a separate project wanted? If so, what's the name of that project (could be the same as the name of the Space)?

@Nuria: Here is a start to respond to request from @Aklapper for a description and a name for the space. Please review/edit or approve. Thanks!

Description: Space used by the Analytics team for reviewing incoming requests from WMF-Legal that need to remain private.

Name: Analytics-Legal

Nuria added a comment. Dec 13 2017, 3:52 PM

One small amend:

Description: Space used by the Analytics and Techops team for reviewing incoming requests from WMF-Legal that need to remain private.

Name: Analytics-Legal

Thanks, @Nuria!

@Aklapper do you have what you need to create this space?

greg added a subscriber: greg. Dec 13 2017, 4:03 PM

@Aklapper do you have what you need to create this space?

Also, I assume that the existing public WMF-Legal project would be used in addition for tasks, as Spaces have no workboard themselves? (Space members can see those tasks in the Space on that WMF-Legal workboard while non-Space members could not.) Or is a separate project wanted? If so, what's the name of that project (could be the same as the name of the Space)?

ggellerman added a comment. Edited Dec 13 2017, 4:57 PM

I just had a look at the WMF-Legal board. I think that a separate board would make sense. The proj name could also be Analytics-Legal.

I wonder if this description shouldn't explicitly call out analytics and ops; this space is more a general space for private WMF-Legal related (tech?) tasks.

Nuria added a comment. Dec 13 2017, 6:40 PM

I do not think so, main usage will be managing tasks for legal holds, which is of concern to analytics and ops; I do not think the space should be super generic

Why though? Tilman is not on the 'analytics' team, but will need access. It isn't inconceivable that we might have to loop in other teams (community folks?) for this or some other future lawsuit. Might as well keep this for generic private legal tasks.

Next on my list: Creating a private Space.

Aklapper closed this task as Resolved. Dec 13 2017, 8:04 PM
  • Regarding the Space (a Space is not a project and hence there is no workboard):
    • For access control, created #acl*Analytics-Legal_policy_admins. This defines access to tasks in the Space.
    • Created the private Space S17 ("Analytics-Legal"). Its View and Edit policy is intentionally set to #acl*Analytics-Legal_policy_admins and should not be changed.
    • @Nuria can add/remove users (who can create and access tasks in S17) via editing the members of #acl*Analytics-Legal_policy_admins. I have added the names provided above, but I could not add "all members of ops team" (as requested in T174675#3782735) as this only allows adding individuals. (I think.) @Nuria: Feel free to add more people. Also note that Phabricator admins could also add themselves (this is a fallback for when a team lead has left; we had that situation); if you watch the #acl*Analytics-Legal_policy_admins project you'd get a notification about such an action.
    • Please do see Displaying and using a Space for more information. To create private tasks, use this task creation form: You must set Visible To: Space S17: Analytics-Legal to create private tasks only accessible to members of S17 and nobody else.
  • For convenience, created Herald Rule H270: If Space is set to S17, add project: Analytics-Legal. So tasks should end up on the workboard even if you forgot to add the project and only set the Space.
  • Documented the creation of S17 on https://www.mediawiki.org/wiki/Phabricator/Spaces