Page MenuHomePhabricator
Create Task
Maniphest T299400

Audit members of acl*security for more than x duration of no activity (Jan 2022)
Closed, ResolvedPublic
Actions

Description

Same as T241781.
See output of SELECT DISTINCT(userName) FROM phabricator_user.user WHERE phid NOT IN (SELECT trs.authorPHID FROM phabricator_maniphest.maniphest_transaction trs INNER JOIN phabricator_user.user u WHERE FROM_UNIXTIME(trs.dateModified) >= (NOW() - INTERVAL 1 YEAR) AND trs.authorPHID = u.phid) AND phid IN (SELECT e.src FROM phabricator_user.edge e WHERE e.dst = "PHID-PROJ-koo4qqdng27q7r65x3cw" AND e.type= 14); on phab1001 (not sure if I should directly post here in public?).

Ideally this wouldn't require a human to think of it and file this manual ticket.

Related Objects

Event Timeline

Aklapper created this task.Jan 18 2022, 1:47 PM
sbassett mentioned this in T254201: Compile, organize and schedule various Wikimedia security-related user audits.Jan 18 2022, 4:02 PM
Dsharpe subscribed.Jan 18 2022, 8:49 PM

I can take this on, but I don't think I have access to run the query. I don't see a way to get the equivalent result through the Phabricator GUI.. Can the query results be added here, or should I pursue trying to get the least amount of access I would need to run that query myself?

Aklapper added a comment.EditedJan 20 2022, 1:28 AM

@Dsharpe: I've pasted P18895. (Note that this list of folks who have not had any task related activity at all in the last 12 months also includes deactivated accounts, and bots.)

Dsharpe added a project: SecTeam-Processed.Jan 24 2022, 8:12 PM

Thanks for that list! Skipping over some folks who need access but might not actually update a task, I removed access for anyone that showed up somehow under the security acl who no longer need that level of access. Some accounts listed didn't show up under any of those groups under the security acl. and I had no edit to make for those.

Aklapper assigned this task to Dsharpe.Jan 25 2022, 12:57 AM

Thanks. I see that three accounts were removed.

Some accounts listed didn't show up under any of those groups under the security acl.

Hmm, that makes me wonder if my query is correctly constructed... sigh. Anyway, thanks! :)

Dsharpe closed this task as Resolved.Jan 25 2022, 5:50 PM
Dsharpe removed a project: Security-Team.

Because I couldn't think of a better way to do it, I added a personal calendar entry for myself to do this again next year. Thank you!

Aklapper added a comment.Jan 26 2022, 2:22 AM
In T299400#7649830, @Dsharpe wrote:

Because I couldn't think of a better way to do it, I added a personal calendar entry for myself to do this again next year. Thank you!

@Dsharpe: Thanks! Would it make sense to create a followup Phab ticket which mentions 2023 in the title, set stalled status, and set a Due Date, so remembering this would not depend on a single person's calendar but would be future work on a list/workboard that an entire team could become aware of?

Aklapper mentioned this in T301181: Audit members of acl*security for more than 12 months of no activity (May 2023).Feb 7 2022, 8:45 PM
Aklapper mentioned this in T337305: Audit members of acl*security for more than 12 months of no activity (May 2024).May 23 2023, 12:56 PM
Aklapper mentioned this in T368224: Audit members of acl*security for more than 12 months of no activity (May 2025).Jun 23 2024, 2:08 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits