Page MenuHomePhabricator
Create Task
Maniphest T235313

Spaces request for AHT-Private
Closed, ResolvedPublic
Actions

Description

Hello! This is a task requesting a private Phabricator Space for some of Anti-Harassment Tools team's tickets.

  • Desired name- AHT-Private
  • Description - Private Space for Security-restricted tasks for AHT team's upcoming projects (such as CheckUser)
  • Explanation of why there are repeatedly tasks in your project which should only be accessible by a defined group of people - AHT team often delves in tasks that involve discussing security vulnerabilities and mitigations. In the case of CheckUser this will involve sharing screenshots of CU as we test and iterate on our work. In both of these examples, it is desirable that only team members are able to access these tickets so we don't risk exposing anything publicly that we shouldn't.
  • The group lead (responsible for adding and removing people with access) - @Niharika
  • A list of all Phabricator usernames should be able to access objects in that project:

Event Timeline

Niharika created this task.Oct 12 2019, 1:49 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 12 2019, 1:49 AM
Niharika added a project: Anti-Harassment.Oct 12 2019, 1:50 AM
Restricted Application added a subscriber: MGChecker. · View Herald TranscriptOct 12 2019, 1:50 AM
Niharika moved this task from Untriaged to Tracking work by others on the Anti-Harassment board.Oct 12 2019, 3:20 AM
Aklapper closed this task as Resolved.Oct 12 2019, 8:26 AM
Aklapper claimed this task.
Aklapper moved this task from To Triage to Administration (UI) on the Phabricator board.
  • Regarding this Space (a Space is not a project and hence a Space itself does not have a workboard):
    • For access control, created #acl*AHT-Private_policy_admins. This defines access to tasks in the Space.
    • Created the private Space S18 ("AHT-Private"). Its View and Edit policy is intentionally set to #acl*AHT-Private_policy_admins and should not be changed.
    • @Niharika can add/remove users (who can create and access tasks in S18) via editing the members of #acl*AHT-Private_policy_admins. I have added the names provided above. Also note that Phabricator admins could also add themselves (this is a fallback for when a team lead has left; we had that situation); if you watched the #acl*AHT-Private_policy_admins project you would get a notification about such an action.
    • Please do see Displaying and using a Space for more information. To create private tasks, use this task creation form: You must set Visible To: Space S18: AHT-Private to create private tasks only accessible to members of S18 and nobody else, before pressing the Create New Task button.
  • Documented the creation of S18 on https://www.mediawiki.org/wiki/Phabricator/Spaces

If wanted, I could create a Herald rule ("If Space is set to S18, then add project tag #XYZ"), so tasks would end up on the workboard of project #XYZ even if you forgot to add the project and only set the Space. Obviously that does not make sense if your team plans to deal with more than one project in that Space.

(Note to myself: As members of Policy-Admins are allowed to access https://phabricator.wikimedia.org/maniphest/task/edit/form/3/ and as #acl*AHT-Private_policy_admins is a subproject of Policy-Admins, everyone listed above should be able to access that form.)

Niharika added a comment.Oct 12 2019, 9:25 AM

Roger that. Thanks a lot, Andre. I think we won’t need the Herald rule.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL