Page MenuHomePhabricator
Create Task
Maniphest T335476

User offboarding
Open, MediumPublic
Actions

Description

Implementation of an admin feature: Offboarding.

As users leave the foundation or any of our projects an offboarding process needs to ensure that any access to production environments or PII is removed.

The goal for this task is to implement:

  • Admin only area.
  • Define what constitutes an administrator.
  • Automatic removable of LDAP permissions which are normally restricted.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Offboarding: Allow managers to offboard users.operations/software/bitumaster+181 -26
Search: add function for search users.operations/software/bitu-ldapmaster+42 -0
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT340720 Implement SRE Access Request functionality in Bitu
 OpenSLyngshede-WMFT335476 User offboarding

Event Timeline

SLyngshede-WMF created this task.Apr 27 2023, 8:41 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 27 2023, 8:41 AM
SLyngshede-WMF claimed this task.Apr 27 2023, 8:42 AM
SLyngshede-WMF triaged this task as Medium priority.
gerritbot added a comment.May 11 2023, 1:54 PM

Change 919073 had a related patch set uploaded (by Slyngshede; author: Slyngshede):

[operations/software/bitu-ldap@master] Search: add function for search users.

https://gerrit.wikimedia.org/r/919073

gerritbot added a project: Patch-For-Review.May 11 2023, 1:54 PM
Aklapper added a project: Bitu.May 14 2023, 6:18 PM
gerritbot added a comment.May 17 2023, 10:49 AM

Change 920665 had a related patch set uploaded (by Slyngshede; author: Slyngshede):

[operations/software/bitu@master] Offboarding: Allow managers to offboard users.

https://gerrit.wikimedia.org/r/920665

RhinosF1 subscribed.May 18 2023, 11:31 AM

Employees being off-boarded from the WMF may wish to continue in some roles as a volunteer.

Will this support keeping some roles or switching from 'wmf' to 'nda' ldap groups?

SLyngshede-WMF added a comment.May 18 2023, 11:40 AM

As currently planned there will just be a list of roles/LDAP groups which is removed from users during off-boarding. Any other groups that user belongs to is not affected.
But I'm currently working on it, so any input or wishes are greatly appreciated.

Current functionality:

Skærmbillede 2023-05-18 kl. 13.40.02.png (1×2 px, 205 KB)

Skærmbillede 2023-05-18 kl. 13.39.48.png (758×2 px, 188 KB)

SLyngshede-WMF edited parent tasks, added: T340720: Implement SRE Access Request functionality in Bitu; removed: T320801: Build-out for self service.Jun 29 2023, 10:01 AM
gerritbot added a comment.May 1 2025, 8:12 AM

Change #920665 abandoned by Slyngshede:

[operations/software/bitu@master] Offboarding: Allow managers to offboard users.

https://gerrit.wikimedia.org/r/920665

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits