Trust-and-Safety has established this account @WMFOffice (username on Wikitech is the same) for enforcing Foundation global bans in the technical spaces on the reasonably-rare occasions where that is needed.
This role would solely be used to Abandon patch sets in Gerrit. Ideally we would create a Gerrit group (perhaps called wikimedia-office) and grant that Abandon permissions on all projects.
Ok, I tried to make a more restrictive group called VandalFighters, which i added WMFOffice to (And removed WMFOffice from Administrators). It has the ability to abandon patches, delete patches (Note there is no undo, so be careful with the delete button), mark patches -2, flush caches, and adjust accounts (in particular mark an account "inactive" which is like block).
This sounds like a bad idea. Administrators probably shouldn't normally be able to do that, without someone literally going into MySQL etc.
That seems bizarre, they shouldn't be using privileged code review labels for anything.
This sounds like a bad idea. Administrators probably shouldn't normally be able to do that, without someone literally going into MySQL etc.
Adminstrators can indeed do that without going into SQL (for unmerged patches). Indeed I think there was an example a while back of someone doing that accidentally by clicking the wrong button. Anyways, people shouldn't normally do that. Probably best to treat it similar to oversight on wiki.