Page MenuHomePhabricator

Find best way to allow CoC committee to temporarily disable Phab user accounts
Closed, ResolvedPublic

Description

The CoC committee at https://www.mediawiki.org/wiki/User:TechConductCommittee should be able to disable user accounts in Phabricator when needed.

That SUL account is not yet registered on Phab as we were wondering if it is possible to let a Phab account disable other user accounts without giving full Phab admin rights to such a Phab account.

Event Timeline

Aklapper triaged this task as Medium priority.Dec 18 2017, 9:11 AM
Aklapper created this task.
Aklapper moved this task from To triage to Team radar on the Developer-Advocacy board.

if it is possible to let a Phab account disable other user accounts without giving full Phab admin rights to such a Phab account.

it isn't.

if it is possible to let a Phab account disable other user accounts without giving full Phab admin rights to such a Phab account.

it isn't.

I was afraid so. :) Thanks! So maybe it's sufficient to keep the way it currently works?: Have the CoC committee contact one of the Phab admins for disabling a Phab account (and reenabling the account after a period of time defined by the CoC committee)?

We could modify the code that controls that action, I think it'd be easy enough to change the conditions.

greg added a subscriber: greg.Dec 18 2017, 6:22 PM

I'd consider this (the shared account with only the needed permissions) a low-priority need as we (Phab admins) can do the needful when informed (via email to releng@lists.wikimedia.org is sufficient).

it's fairly trivial to add a separate permission check for something like "members of acl*account admins" and then we can add individuals to the account admins project - this would avoid needing a shared phabricator account.

demon added a subscriber: demon.Dec 19 2017, 4:23 AM

Cf: T102577, probably others.

Hmm, indeed maybe the actual underlying question to solve is "how to contact Phab admins in a private way".

Contacting a phab admin in a private way could be done via conpherence or private tasks somewhat like security bug reports.

For the records, Phab admins are listed in https://phabricator.wikimedia.org/people/query/DktdoFyuGYMN/#R
Options mentioned so far:

Personally I prefer the first because in the end it's a task to perform. Tasks are less noisy than chat rooms, and when wanted easier to ignore than postings on a list.
But I fail to find the PHID for the "Administrators" group (and don't know what to enter in Conduit's phid.lookup). Help welcome.

demon added a comment.Feb 9 2018, 2:14 PM

For the records, Phab admins are listed in https://phabricator.wikimedia.org/people/query/DktdoFyuGYMN/#R
Options mentioned so far:

Personally I prefer the first because in the end it's a task to perform. Tasks are less noisy than chat rooms, and when wanted easier to ignore than postings on a list.
But I fail to find the PHID for the "Administrators" group (and don't know what to enter in Conduit's phid.lookup). Help welcome.

Task or e-mail releng sounds best to me. I would never notice a chat window. And tbh, a task is pushing it...I see [Phabricator] in my inbox and it's never a rush.

Regarding your second question: there is no group: it's a bit set on individual users. You might be better off creating a form with the desired folks already on the CC/assignee field?

But really, if it's an emergency...e-mail is probably best (to me).

Another option: make sure at least one (NDA'd) person on the CoC has admin rights? That's also a possibility.

demon added a comment.Feb 9 2018, 2:16 PM
This comment was removed by demon.
Aklapper claimed this task.Feb 12 2018, 5:29 PM
Aklapper closed this task as Resolved.Feb 14 2018, 11:48 AM

The URL in T183116#3961213 got added to the page about enforcing on https://techconduct.wikimedia.org/

Closing as resolved.