Page MenuHomePhabricator
Create Task
Maniphest T283625

Revoke changetags permissions from the 'Users' group
Closed, ResolvedPublic
Actions

Description

The meta community decided that the changetags permission should be revoked from the user usergroup and should only be available to sysops and bots.

https://meta.wikimedia.org/wiki/Meta:Babel#Revoke_changetags_permissions_from_the_"Users"_group

Details

SubjectRepoBranchLines +/-
Restrict changetags to sysops and bots on metaoperations/mediawiki-configmaster+3 -0
Customize query in gerrit

Event Timeline

Zabe created this task.May 25 2021, 7:43 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 25 2021, 7:43 PM
Zabe renamed this task from Restrict changetag to 'autoconfirmed' users on meta to Restrict changetagx to 'autoconfirmed' users on meta.May 25 2021, 7:47 PM
Zabe renamed this task from Restrict changetagx to 'autoconfirmed' users on meta to Restrict changetags to 'autoconfirmed' users on meta.
Zabe renamed this task from Restrict changetags to 'autoconfirmed' users on meta to Restrict changetags to ??? users on meta.EditedMay 25 2021, 7:56 PM
Zabe changed the task status from Open to Stalled.

Okay, I just read through the discussion and there isn't that much consensus for what restrict this to.

Zabe renamed this task from Restrict changetags to ??? users on meta to Restrict changetags to 'autoconfirmed' users on meta.May 25 2021, 8:58 PM
Zabe changed the task status from Stalled to Open.
gerritbot added a comment.May 25 2021, 9:03 PM

Change 694686 had a related patch set uploaded (by Zabe; author: Zabe):

[operations/mediawiki-config@master] Restrict changetags to 'autoconfirmed' users on meta

https://gerrit.wikimedia.org/r/694686

gerritbot added a project: Patch-For-Review.May 25 2021, 9:03 PM
Zabe moved this task from Backlog to To deploy on the Wikimedia-Site-requests board.May 25 2021, 9:05 PM
MarcoAurelio subscribed.EditedJun 3 2021, 11:39 AM

Given how scarcely the permission is used, and that there has been abuse from autoconfirmed users as well, I think it'd be best if for now we removed applychangetags and changetags from the user group, and granted them instead to the bot and sysop groups only.

Granting the permission to autopatrolled users is a more complex config change as such flag is usually revoked upon being promoted to other user groups, and would mean adding those permissions to a bunch of other local groups in order to keep an equivalent level of access for no benefit, as neither autopatrolled nor other user groups seem to actively need these permissions.

Zabe renamed this task from Restrict changetags to 'autoconfirmed' users on meta to Revoke changetags permissions from the 'Users' group.Jun 3 2021, 10:40 PM
Zabe triaged this task as Medium priority.
gerritbot added a comment.Jun 3 2021, 11:03 PM

Change 694686 merged by jenkins-bot:

[operations/mediawiki-config@master] Restrict changetags to sysops and bots on meta

https://gerrit.wikimedia.org/r/694686

Stashbot added a comment.Jun 3 2021, 11:09 PM

Mentioned in SAL (#wikimedia-operations) [2021-06-03T23:09:02Z] <thcipriani@deploy1002> Synchronized wmf-config/InitialiseSettings.php: Config: [[gerrit:694686|Restrict changetags to sysops and bots on meta]] T283625 (duration: 00m 58s)

Maintenance_bot removed a project: Patch-For-Review.Jun 3 2021, 11:10 PM
Zabe added a comment.Jun 3 2021, 11:15 PM
In T283625#7131562, @MarcoAurelio wrote:

Given how scarcely the permission is used, and that there has been abuse from autoconfirmed users as well, I think it'd be best if for now we removed applychangetags and changetags from the user group, and granted them instead to the bot and sysop groups only.

Granting the permission to autopatrolled users is a more complex config change as such flag is usually revoked upon being promoted to other user groups, and would mean adding those permissions to a bunch of other local groups in order to keep an equivalent level of access for no benefit, as neither autopatrolled nor other user groups seem to actively need these permissions.

Restricted changetags to sysops and bots for now. Haven't done for applychangetags (yet), since this was not realy part of the discussion.

Zabe closed this task as Resolved.Jun 4 2021, 9:00 AM
Zabe updated the task description. (Show Details)Jun 4 2021, 12:10 PM
Zabe removed a project: User-Zabe.Apr 13 2022, 12:50 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits