Requestor provided information and prerequisites

• Wikitech username: Mfischerwmf
• Shell username: mfischerwmf
• Email address: mfischer AT wikimedia.org
• SSH key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD3PVX58Clp2su5e7B0S4RI8PjmFT8fa5ix3gQS0n/yKrNRID7EUuz/SP0qcSlF0atw6E+tFZlT/tDpCfA9ltThs6jhxXv9qGfsMZwtdVGw010XdXbg0Jj1Uo2xa+Z//2TyTPVUOGRILdl9LBVRsNGJOd1qPIZoMabHNynO/D9J6JrGJKj6eU+2p4wYjPuOp7fAvQB+f7QtuRzSwMGFHPZfW6ebt/40s3XtCPoYHsGhjoTbMBMp6E5jdzfLuxYZcZEZk9IHsR/lagJMjiE3fBxC8y6ZJlHBCo2BUbfnYO+w795YMWfxPRnpc5BkS/ILX6dTWMzFiVMgPAsDqBBQvnnhP6KT/veFkANG4SrTM+jxJCqUq6hViAT0Wi1oon1UwDJtg2IFS9VFBg44II1Zw5iWXqYtj32e7qbWkWJLToUoXvSJzDrZvi5Am5JHNrlxfEILRe/sRL9U5EQDJu17JR8X2AxzqsbfMctccTXGoIz9P1zUCIG84hLSxZY7/bA3qCAHnE6HfxkBwiXxsfMDJ5BKGy5FhsrHbmM+7fFtJsGxy7IZC210ELkAvmNl2ozyfKqPLdu/bsARaFGrK8etUr0g8MTo2TLZJOvvuMrjYerWms1UaUY49fauV6cIDpMDdkP08Vkwtu7v55oYQuSYnP0BeidPAkWCO+jv8fnvVCpWYw== .
• Requested POSIX group membership: analytics-privatedata-users
• Requested LDAP group membership: wmf
• Requested kerberos principal: yes

I'd like to request membership for @MFischer to ‘analytics-privatedata-users’ group. He is a member of the Human Rights team at the Foundation and requires those accesses for his regular work. He only needs the view access, and I believe the above group would cover it. But I could be wrong about the access group. In any case, I would defer to someone who has better knowledge than myself. Specifically some of the workflows he needs to be able to do (and needs this access for):

• Lookup private information such as user email addresses, usernames, and authentication dates for urgent Human Rights related matters and related investigations.
• Query webserver logs for private information such as IPs that have viewed certain pages.

Max has already signed L3. The Human Rights team is under @JanWMF's portfolio. Jan, could you confirm/approve this request by commenting here?

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

• - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
• - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
• - User has provided the following: developer account username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
• - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
• - The provided SSH key has been confirmed out of band and is verified not being used in WMCS.
• - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
• - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access