Fundraising access request for dvargas@bishopfox.com
Closed, Resolved (Public)

Description

This is a new access request for David Vargas of Bishop Fox. This is the pentest contractor that we are working with through the Security team.

They require the following access: (mark each box with an x)

  • civicrm web access
    • standard access
    • donor services access (manager)
    • engage access (manager)
    • fr-tech administrative access
  • ssh access - if specific hosts: list here
  • mysql - if specific hosts or databases: list here
  • superset
  • other: This is a special case where there will be multiple accounts so differences in privileges can be tested.

New User Procedure / Checklist

When adding a new user to the fundraising / fr-tech ecosystem, we have a set of places where we need to create accounts and access.

Prerequisites

Before we can take any action to add a user, we need to verify that they are authorized to have such access. This requires confirmation from their manager and approval from the C level that access is approved.

[x] user_verification
    Requires: user request
    [x] access_rights: letter to C level (currently Lisa) verifying grant of access
    [x] account name/contact info: verify on https://collab.wikimedia.org/wiki/Fundraising#Contact_List

Accounts and Services

[x] client_ssl_cert
    Requires: user_verification
    [x] cert_setup: generate cert on frpm1001 using ssl_user_admin
    [x] account_setup: sms the user the password for the key
    [x] follow_on: assist with certificate installation
[x] civicrm
    Requires: client_ssl_cert
    [x] account_setup: Create user account. This will notify the user via email to update their password.
    [x] follow_on: Verify user can log in to https://civicrm.wikimedia.org

Event Timeline

Access request sent and approved.

Date: Thu, 5 May 2022 15:23:36
From: Lisa Seitz Gruwell
To: Dallas Wisehaupt
Cc: Dylan Kozlowski, Maryum Styles, Jeff Green
Subject: Re: Access Request for security penetration testing contractor
----------------------------------------

Yes, I approve. Thank you!

Certificate created and sent via email. Password sent via SMS.

CiviCRM accounts created and information sent regarding the setup and password reset procedure. A copy of the setup email was also stored in the project vault.

Dwisehaupt updated the task description.
Dwisehaupt moved this task from In Progress to Done on the fundraising-tech-ops board.

Verified dvargas has logged in successfully to each account. Closing.