Given that he's not longer working with Research as formal collaborator, please revoke @Pirroh's access to shell.
Who
Michele Catasta
phab: @Pirroh
shell username: pirroh
Access Group
analytics-privatedata-users
bastiononly
Why
No longer working on project https://meta.wikimedia.org/wiki/Research:Characterizing_Wikipedia_Citation_Usage
| operations/puppet : production | admins: revoke access for user pirroh |
| Status | Assigned | Task | ||
|---|---|---|---|---|
| Resolved | Miriam | T198656 [CDP-3 1.1] A map of verifiability of information in Wikimedia projects | ||
| Resolved | Miriam | T198662 Request access to data for citation usage research | ||
| Resolved | Dzahn | T222085 Revoke @pirroh's shell access |
Change 507071 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: revoke access for user pirroh
Change 507071 merged by Dzahn:
[operations/puppet@production] admins: revoke access for user pirroh
Thanks @Miriam for making the ticket. Done. puppet is removing the user. for example on bast1002:
Apr 29 17:22:17 bast1002 puppet-agent[1667]: (/Stage[main]/Admin/Admin::Hashuser[pirroh]/Admin::User[pirroh]/User[pirroh]/ensure) removed
Mentioned in SAL (#wikimedia-operations) [2019-04-30T04:26:25Z] <mutante> LDAP - remove user pirroh from group nda (T222085 and cross-validate-accounts demands consistency)
@RStallman-legalteam : The access for Michele Cataste has been removed, can you please also update the NDA tracking meta data?
@Dzahn Best to use https://wikitech.wikimedia.org/wiki/Ops_Offboarding#Remove_user_from_privileged_groups ; it will prepare an LDIF to drop all privileged groups (there might be more than just cn=nda in some cases (but here it was limited to cn=nda, I doublechecked) and it will also flag if a user had access to Hadoop, as that data is triaged by the analytics team to ensure that PII data is properly cleaned out. I created https://phabricator.wikimedia.org/T222140 for that.