I'm about to leave the Foundation, and will be losing access to my official WMF wiki account (User:HTriedman (WMF)). I'm in the midst of working on a bot that I'd like to continue to maintain (User:SpinachBot), and I'd like to transfer ownership of the bot from my soon-to-be-deactivated account to my personal account (User:Htriedman).
How can I do that?
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | SLyngshede-WMF | T371644 Requested offboarding-to-volunteer of HTriedman // Transfer ownership of SpinachBot from HTriedman (WMF) to HTriedman | |||
| Resolved | Mstyles | T372829 Offboard Hal Triedman from the Security Team |
According to https://toolsadmin.wikimedia.org/tools/id/spinachbot the maintainer account is https://wikitech.wikimedia.org/wiki/User:Htriedman, which is different to https://meta.wikimedia.org/wiki/User:HTriedman_(WMF)
I would change your email address on the wikitech account to your personal email. This should sync through for your Gitlab; but you'd want to check/confirm that.
For added confusion, your Phab account is linked to both that Wikitech (or the underlying LDAP). I would suggest disconnecting that via https://phabricator.wikimedia.org/settings/user/Htriedman/page/external/ (the "MediaWiki" account)
I would change your email address on the wikitech account to your personal email.
Done. Unclear if this propagates to Gitlab — I'm unable to change my email there, it says that "Your email address was automatically set based on your Wikimedia Dev Account (OIDC) account".
For added confusion, your Phab account is linked to both that Wikitech (or the underlying LDAP). I would suggest disconnecting that via https://phabricator.wikimedia.org/settings/user/Htriedman/page/external/ (the "MediaWiki" account)
Also done, now phab is associated with my personal account.
Try on https://idm.wikimedia.org/ldapbackend/properties/ (there's an "update" link against email address)
Are you planning to stay under volunteer NDA to keep access to private tickets? (membership in WMF-NDA group in Phab)
Did you want to keep various web-based logins (tied to EITHER wmf or nda group but would have to apply for that change).
Generally there is a process for "offboarding while staying volunteer" and another one for just "offboarding" and an offboarding script usually ran by infra foundations has options for that.
There might be more. A full offboarding checklist somewhere should likely be followed.
@Dzahn Great questions! I'm planning on rejoining the Foundation as a contractor under WME in early October. I'll be work on data products in and around the analytics infrastructure.
Are you planning to stay under volunteer NDA to keep access to private tickets? (membership in WMF-NDA group in Phab)
I don't think this will be necessary — I shouldn't need access to sensitive security and privacy related tickets on Phab.
Did you want to keep various web-based logins (tied to EITHER wmf or nda group but would have to apply for that change).
It would be great to continue to have ssh access to analytics infra, as well as superset (both of which I use on a regular basis during day-to-day work and will continue to use when I rejoin in October.
Happy to answer with more specifics if those are needed!
Hey @Htriedman If you would like to keep ssh access to analytics infra for that transitional period you can do that as volunteer. You could start that process by emailing @KFrancis (https://meta.wikimedia.org/wiki/User:KFrancis_(WMF)). Tell her you would like to sign a volunteer NDA and she will tell you more about it.
Then we should recycle this ticket or make a new one and contact the infra foundations team so that they know about this when the day comes they get pinged by to do an offboarding.
Happy to help with the process.
@Htriedman I'm responsible for offboarding you from any systems you no longer require access to and I was informed that there where "special consideration", meaning that you would require continued access to certain systems.
Currently we have you listed as having access to: analytics_privatedata_users and analytics-platform-eng-admins. I talked to @acooper who confirms that you can keep that access, if needed, and assuming the volunteer NDA is signed. If you don't need I'd like to remove you from any systems you are not using, and update your email address to your private email.
@Reedy Given that @Htriedman won't be needing access to security and privacy related tickets in Phabricator, could you remove the access to the acl*security_team policy in Phabricator. That isn't something I have access to.
@SLyngshede-WMF that sounds like a good plan! Can you link me too the volunteer NDA? I may have already signed it when I was an intern back in 2021, but I'd love to check. As for my personal email, I've updated wikitech and phab to be associated with it (still waiting on gitlab to update), as detailed higher up in this thread. Anything else I need to do there?
Hi @Htriedman I can see that you are not on the doc that lists people who signed the NDA. There is often some confusion around it because there used to be different "NDAs" including one in Phabricator itself. But nowadays this all goes through legal and their new system. So Katie Francis can send you the text of that via direct email.
@Dzahn Got it — yeah, the one I recall signing a few years ago was through the phab UI. I'll wait for Kate to weigh in and send me the email!
Hi @Htriedman, my apologies for the delay in getting back to you. Please send your personal email address to kfrancis@wikimedia.org and I'll work on getting the NDA out to you.
@KFrancis email sent!
and @SLyngshede-WMF this hasn't happened yet, but I'm wondering if ITS will be removing my 1Password institutional subscription? It would be bad to get cut off from my passwords all of a sudden, I'd like to know if I need to get my own personal subscription in the next few days.
Hi @Htriedman - we've kept your Wiki and 1Password accounts active given your pending return.
As of a few weeks ago I am no longer an employee of WMF, so feel free to change it over whenever @Dzahn!
Mentioned in SAL (#wikimedia-operations) [2024-08-20T16:28:00Z] <mutante> LDAP - removed htriedman from wmf group, added htriedman to nda group (T371644)
@Htriedman You have now been removed from the "wmf" LDAP group and added to the "nda" LDAP group. Most of the web-based logins have rules like "wmf OR nda", so it should be no practical difference. There might be some special cases but if there are it would be good to surface them.
Would be nice to learn what was done to get this to resolved. Did it involve running the offboarding script with the right parameters?
@SLyngshede-WMF I see. Thanks for the update. I was just curious how the process works. No worries.
@SLyngshede-WMF Hello! Today is my first day back as a contractor. As of right now, I'm unable to log into Okta or officewiki — is there any process for reinstating access to those services? Happy to start a new ticket if needed.
@Htriedman Please check your personal GMail inbox. I sent a follow up message. There should also be a reset link provided there in case you need to update your Okta password.