In the context of IP Info, "access" covers:
IP Info has two separate sets of MediaWiki rights:
- The right that allows the user to enable the tool, ipinfo
- The rights that control the user's access to the information provided by the tool – T292626: Create and implement IP Info viewing rights [L]
Access will work as follows for the MVP version:
- "Full" access: Limited to sysop, bureaucrat, checkuser, oversight and steward user groups.
- "Basic" access: All other registered users
Logging and reporting
- The logs should capture:
- Who performed the IP information check
- Access of the performer (limited or full)
- Against which IP address
- Whether it was the popup or the accordion
- Timestamp of the check
- To avoid the problem of log spam, only one log entry will be captured if multiple checks are made by the same user against the same IP over a period of 24 hours (rolling or one UTC day). Note that we will have a separate log entry for popup check versus accordion check but each of them will be captured only once every 24 hours.
- This time period needs to be configurable to allow flexibility in the future.
- Retention: Logs will be retained forever.
- For now, the WMF 'staff' group will have access. This will need to be configurable to allow flexibility in the future.
- The users will be informed that their checks will be logged when they accept the terms of access. (Ticket TBD)
- T&S/Legal reserve the right to revoke a user’s access permissions in case of abuse
- If a user’s permission is revoked by us, they should not be able to activate it again
- There is a possibility that users might need to regain access periodically (TBD)
While estimating T291854: Create revoke user access maintenance script, we also discussed:
- The user's access should be revoked across all wikis