For this he should be able to see Icinga alerts related to it and also schedule downtimes/ACK/etc.
I have created an Icinga contact for him and added him to the existing contactgroup for gerrit. 596624. This means he will have permissions to run commands on these services/hosts related to Gerrit, but not on other ones. (It is _not_ the global override in cgi.cfg, just regular contact privileges for specific services).
What is missing now though is that he is able to get past the login we added in front of Icinga which needs one of the LDAP groups "ops" or "wmf" or "nda".
This request is to add him to the appropriate one. Since "nda" is for volunteers and "wmf" is for employees I am never quite sure which one to use for contractors. Either one will work fine to resolve this ticket.
So we should go through the usual steps to get him on file with an NDA and then add him to the group.
Please note he already has existing shell access with root on the Gerrit servers and therefore a change in puppet is not needed.