Page MenuHomePhabricator

Deactivate fundraising accounts for dvargas@bishopfox.com
Closed, ResolvedPublic

Description

The pentest work is complete. Deactivate the accounts.


Departing User Procedure / Checklist

When removing a user from the fundraising / fr-tech ecosystem, we have a set
of places where we need to remove accounts and access.

Prerequisites

Before we take action to remove a user, we need to verify that they have
departed. This should come as a confirmation from their manager and tracked
as a phabricator ticket.

[x] user_verification

User Data and Processes

Data to be retained

None

Processes running under the user's account

None

Accounts and Services

[x] client_ssl_cert
Provides access to multiple services
 [x] Revoke the cert on frpm1001 using:  ssl_user_admin revoke username
 [x] Check in the updated CRL to puppet-private
 [x] Push out puppet changes.
[x] civicrm
Requires: client_ssl_cert
[x] Change user account to Blocked
[-] Remove from any campaign notifications.
    [-] Check using: mysql drupal -e "select * from wmf_campaigns_campaign;"
    [-] Remove using mysql or https://civicrm.wikimedia.org/admin/config/wmf_campaigns/list
[-] Remove from large donantion notifications.
    [-] Remove using https://civicrm.wikimedia.org/admin/config/large_donation/configure

Event Timeline

Dwisehaupt claimed this task.
Dwisehaupt moved this task from Triage to Done on the fundraising-tech-ops board.
Dwisehaupt added a project: Security-Team.

Civi accounts set to blocked. SSL client certificate revoked and CRL merged. Entries in collab contact lists removed or updated as needed. Adding the security-team tag for visibility.