The CoC committee at https://www.mediawiki.org/wiki/User:TechConductCommittee should be able to disable user accounts in Phabricator when needed.
That SUL account is not yet registered on Phab as we were wondering if it is possible to let a Phab account disable other user accounts without giving full Phab admin rights to such a Phab account.
if it is possible to let a Phab account disable other user accounts without giving full Phab admin rights to such a Phab account.
it isn't.
I was afraid so. :) Thanks! So maybe it's sufficient to keep the way it currently works?: Have the CoC committee contact one of the Phab admins for disabling a Phab account (and reenabling the account after a period of time defined by the CoC committee)?
We could modify the code that controls that action, I think it'd be easy enough to change the conditions.
I'd consider this (the shared account with only the needed permissions) a low-priority need as we (Phab admins) can do the needful when informed (via email to releng@lists.wikimedia.org is sufficient).
it's fairly trivial to add a separate permission check for something like "members of acl*account admins" and then we can add individuals to the account admins project - this would avoid needing a shared phabricator account.
Hmm, indeed maybe the actual underlying question to solve is "how to contact Phab admins in a private way".
Contacting a phab admin in a private way could be done via conpherence or private tasks somewhat like security bug reports.
For the records, Phab admins are listed in https://phabricator.wikimedia.org/people/query/DktdoFyuGYMN/#R
Options mentioned so far:
Personally I prefer the first because in the end it's a task to perform. Tasks are less noisy than chat rooms, and when wanted easier to ignore than postings on a list.
But I fail to find the PHID for the "Administrators" group (and don't know what to enter in [[ https://phabricator.wikimedia.org/conduit/method/phid.lookup/ | Conduit's phid.lookup ]]). Help welcome.
Task or e-mail releng sounds best to me. I would never notice a chat window. And tbh, a task is pushing it...I see [Phabricator] in my inbox and it's never a rush.
Regarding your second question: there is no group: it's a bit set on individual users. You might be better off creating a form with the desired folks already on the CC/assignee field?
But really, if it's an emergency...e-mail is probably best (to me).
Another option: make sure at least one (NDA'd) person on the CoC has admin rights? That's also a possibility.
Asked about the correct policy.view URL parameter in Discourse and Evan replied by pointing to https://secure.phabricator.com/source/phabricator/browse/master/src/applications/policy/constants/PhabricatorPolicies.php;f43d08c2bbe6ed6d7f9b35a09f1d9e0564c13f9b%245-8
So the CoC committee could use this link to create a task that only Phab admins can see: https://phabricator.wikimedia.org/maniphest/task/edit/form/3/?projects=Phabricator&title=Disable%20account%20-%20CoC%20Committee&policy.view=admin&priority=80
The URL in T183116#3961213 got added to the page about enforcing on https://techconduct.wikimedia.org/
Closing as resolved.