Page MenuHomePhabricator

Requesting access to analytics-privatedata-users for Dasm
Closed, ResolvedPublicRequest


Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Name: Daniel Simmons-Marengo
  • Wikitech username: Dasm
  • Email address:
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7ltKIKe7rrL2LacWR7RgP+YKB2KqMzvve40nJI1ypJ dasm@Daniels-MacBook-Pro.local
  • Requested group membership: analytics-privatedata-users. I also need access to the wmf LDAP group, and kerberos credentials. [As per current rules, the NDA group will be added]
  • Reason for access: I work for a contractor (Tumult Labs), and will be working on a project to produce differentially private historical pageview data.
  • Name of approving party (manager for WMF/WMDE staff): Jennifer Cross
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: Done.
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see

Event Timeline

@dasm Thanks, confirmed you have already signed L3 and looks like you are providing all the needed info. Kicking off this request.

@KFrancis Is this ('working for a contractor') covered under the "All WMF Staff/Contractor hiring are covered by NDA"? I assume so.

Dzahn changed the task status from Open to In Progress.Nov 7 2022, 11:34 PM
Dzahn moved this task from Untriaged to SRE Meeting Review on the SRE-Access-Requests board.

The contractor is working for Tumult Labs, Inc, correct? If so, they are covered until the parent contract.

@KFrancis Alright, thank you! :) Yes, looks like that's the case, based on email address and the comment on this ticket.

@Htriedman Hi, so we need your approval for this ticket anyways, so maybe you can confirm this as well. Thank you

fgiunchedi triaged this task as Medium priority.Nov 8 2022, 9:25 AM

@Dzahn @KFrancis Yes, that is correct, @dasm is a Tumult Labs contractor working with us on differential privacy.

With regards to final approval, @Jcross is the approving manager here, not me (and is on vacation til next week). I expect we can get a final confirmation then! Thanks so much :)

@Htriedman Thank you:) confirmed and sounds good. Let me reassign the ticket accordingly. Best, Daniel

While we wait for Jcross to return to office, @Ottomata it would help if you could approve on your side. Access to the above group until June 2023.

Change 860132 had a related patch set uploaded (by Andrea Denisse; author: Andrea Denisse):

[operations/puppet@production] admin: add dasm to analytics-privatedata-users

Hi @Htriedman and @Jcross , could you please help me to confirm that the expiry date for @dasm 's access is on the 2023-06-30? :)

@andrea.denisse that is correct! 2023-06-30 is the expiry date for @dasm

@andrea.denisse - can you merge and submit your patch so we can create the kerberos principal and close this task?

Change 860132 merged by Andrea Denisse:

[operations/puppet@production] admin: add dasm to analytics-privatedata-users

Added to nda group and created the kerberos principal. @dasm you should've received an email with further instructions. Also please allow 30-60 minutes for puppet to run everywhere.
Please reopen if you have troubles accessing.