Logging could be done in a few ways:
- The tool could keep track in a ToolsDB table and provide an interface to display the data
- The tool could add a comment to a phabricator task designated for tracking these actions
- The tool could create and resolve a task tagged with the acl*userdisable project
The second option would be technically easiest to implement, but would not provide any search features beyond ctrl+F in-page searching. The 3rd option is close to as easy as the first and would allow more search features. Both the second and third options would allow people who were interested to receive email notifications of actions via built-in phabricator features.
Option 1 looks good. If too much work, what about a page on Wikitech, the same way the Server Admin Logs work? A never-to-be-closed task is something I don't really like to be honest. Thanks.
This has been started in the aftermath of https://lists.wikimedia.org/pipermail/wikitech-l/2018-August/090484.html, which triggered quite an outrage of Wikitech-l, I believe. See also: https://www.mediawiki.org/wiki/Topic:Uikcu1emvmw6e4z8 . There are quite some reasons why this is logged.
I did not requested this due to @MZMcBride's block. I feel in MZ's case this would not have helped much. The Phabricator account disable log, which is visible to admins only, does not record any reason why an account was disabled, because the UI does not offer such an option. Even if the logs were public MZ would have found that her account was disabled but not why.
This task is aimed to create some sort of audit because those who are part of acl*userdisable are using a shared Phab admin account (not via the UI but via an OAUth tool, but still). In the (hopefully unlikely) case someone from acl*userdisable goes rogue and start disabling accounts, do tool admins or others know who misused the tool so they can take action against them? If that is publicly logged or logged only to tool admins I'm rather indiferent at this stage, but there should be some sort of audit, internally if you want it, as to when and by whom an account was disabled using the shared PhabBanBot account.
Personally I don't care about reasons. I trust people who can disable accounts that they have their reasons.
Plus you brought up adding people to the group which allows disabling user accounts. Do you really expect me to explain why I trust another user and give them such rights?
Disabled https://phabricator.wikimedia.org/p/Jdub252/ for vandalism
Disabled https://phabricator.wikimedia.org/p/Fred.231084/ for vandalism
Added @jeena to acl*userdisable to be able to stop such vandalism in the future
Added @AndyRussG to acl*userdisable to be able to stop such vandalism in the future