The pentest work is complete. Deactivate the accounts.
Departing User Procedure / Checklist
When removing a user from the fundraising / fr-tech ecosystem, we have a set
of places where we need to remove accounts and access.
Prerequisites
Before we take action to remove a user, we need to verify that they have
departed. This should come as a confirmation from their manager and tracked
as a phabricator ticket.
[x] user_verification
- access_rights: letter from manager verifying revocation of access
- account name/contact info: removed from https://collab.wikimedia.org/wiki/Fundraising#Contact_List
User Data and Processes
Data to be retained
None
Processes running under the user's account
None
Accounts and Services
[x] client_ssl_cert
Provides access to multiple services [x] Revoke the cert on frpm1001 using: ssl_user_admin revoke username [x] Check in the updated CRL to puppet-private [x] Push out puppet changes.
[x] civicrm
Requires: client_ssl_cert [x] Change user account to Blocked [-] Remove from any campaign notifications. [-] Check using: mysql drupal -e "select * from wmf_campaigns_campaign;" [-] Remove using mysql or https://civicrm.wikimedia.org/admin/config/wmf_campaigns/list [-] Remove from large donantion notifications. [-] Remove using https://civicrm.wikimedia.org/admin/config/large_donation/configure