
xLab: Improve Regulation section
Closed, Resolved | Public | 3 Estimated Story Points

Assigned To
Authored By
Sarai-WMF
Nov 22 2024, 1:50 PM

Description

Problem

The contents of the "Regulation" section in the artifact creation form are not completely aligned with the risk assessment process that experiment owners have to follow (and are familiar with) in order to ensure compliance with WMF's data collection guidelines. In particular, one of the fields requires users to provide a link to the Security and Legal review, when not all data collection projects require it. On the other hand, the "Compliance requirements" field was particularly cryptic in meaning, with users generally missing further clarification of system expectations.

Suggested solution

Fields in the "Regulation" section should be aligned with the steps of the risk assessment process, following @VirginiaPoundstone's suggestions.

Components (Screenshot 2025-06-20 at 20.51.10.png)
We'll provide users with a 'Risk level' select component that allows users to specify the risks associated with their artifact, and conditionally enable a 'Security and legal review' input to collect the link to the L3SC review in case their artifact has medium or high risk.

Flow overview (Screenshot 2025-06-20 at 20.31.55.png)
The 'Risk level' select is prefilled with the option 'Risk assessment pending', and provides 3 other options: 'Tier 1: High risk', 'Tier 2: Medium risk' and 'Tier 3: Low risk'. The 'Security and legal review' field below is required, and will remain disabled unless users select the options 'Tier 1: High risk' or 'Tier 2: Medium risk' from the 'Risk level' field. If users select either 'Risk assessment pending' or 'Tier 3: Low risk', then the 'Security and legal review' field will remain inactive.

Validation (Screenshot 2025-06-20 at 20.45.41.png)
The 'Security and legal review' field will be validated on submit in case users attempt saving a configuration that they have assessed as High or Medium risk without providing a link to the L3SC review.

Open questions
  • The message "Data will be automatically discarded after 90 days of storage." seems to indicate that the system (Metrics platform) will be in charge of discarding said data. Is that the case? Does the message need to be updated to ensure accuracy?
Acceptance criteria
  • The Regulation section provides users with a new 'Risk level' select component that allows users to indicate the risk level associated with their artifact
  • The Regulation section provides a 'Security and legal review' input component that is disabled by default and becomes active if users select the options "Tier 1: High risk" or "Tier 2: Medium risk"
  • Inline validation is triggered under the 'Security and legal review' field if users try to submit high or medium risk artifact without providing the corresponding Security and Legal review link
  • Read view has been modified according to the section to show the Regulation details configured for the artifact
Deployment Instructions

https://phabricator.wikimedia.org/T380592#11102235
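
The conditional rule from the acceptance criteria above, written as a server-side check so that the disabled input is not the only enforcement. This is an added example, not Test Kitchen code: the option labels come from the task description, while the function name, field names, error messages and the http(s)-only rule for the link are assumptions.

```javascript
// Added example, not Test Kitchen code. Option labels are the ones in the task
// description; function name, field names and error strings are hypothetical.
const RISK_LEVELS = [
  'Risk assessment pending',
  'Tier 1: High risk',
  'Tier 2: Medium risk',
  'Tier 3: Low risk',
];
const REVIEW_REQUIRED = new Set(['Tier 1: High risk', 'Tier 2: Medium risk']);

// Assumption: the review link is later shown as a link in the read view, so only
// http(s) URLs are accepted (rejects schemes such as javascript: or data:).
function isHttpUrl(value) {
  try {
    const url = new URL(value);
    return url.protocol === 'https:' || url.protocol === 'http:';
  } catch {
    return false;
  }
}

// Returns { errors, value }: errors is keyed by field name, value is the
// normalized section to store (null when validation fails).
function validateRegulation(input) {
  const errors = {};
  const riskLevel = typeof input.riskLevel === 'string' ? input.riskLevel : '';
  const link = typeof input.securityLegalReview === 'string'
    ? input.securityLegalReview.trim() : '';

  if (!RISK_LEVELS.includes(riskLevel)) {
    errors.riskLevel = 'Unknown risk level';
    return { errors, value: null };
  }
  if (!REVIEW_REQUIRED.has(riskLevel)) {
    // Field is disabled for pending / low risk: ignore whatever a client sent.
    return { errors, value: { riskLevel, securityLegalReview: '' } };
  }
  if (link === '') {
    errors.securityLegalReview = 'Security and legal review link is required';
  } else if (!isHttpUrl(link)) {
    errors.securityLegalReview = 'Security and legal review must be an http(s) URL';
  }
  const ok = Object.keys(errors).length === 0;
  return { errors, value: ok ? { riskLevel, securityLegalReview: link } : null };
}
```
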

Details

Related Changes in Gerrit:
Related Changes in GitLab:
Title: Fixed low risk message
Reference: repos/data-engineering/test-kitchen!229
Author: sfaci
Source Branch: fix-low-risk-message
Dest Branch: main

Event Timeline

Hi @VirginiaPoundstone! Your review of this task's specifications and open questions would be much appreciated. Thank you! 🙏🏻

Sarai-WMF renamed this task from MPIC: Improve Regulation section to xLab: Improve Regulation section. May 20 2025, 5:09 PM
Sarai-WMF added a project: Test Kitchen UI.
Milimetric set the point value for this task to 3. Jun 16 2025, 3:44 PM

@Sarai-WMF: Do you think it's within the scope of this task to integrate this feedback from @kostajh about the "Compliance Requirements" section

I don't know what I'm supposed to input into "Compliance requirements" (it seems that "legal" or "gdpr" are options?)

?

That field will actually be removed in the new version of this section. This was a reaction to similar feedback! So, I guess we can consider it already integrated 👍🏻

JVanderhoop-WMF moved this task from READY TO GROOM to Backlog on the Test Kitchen board.

@JVanderhoop-WMF I'm taking a look at this ticket and, according to its details, the Risk Level field might be set as Risk assessment pending. I have assumed that, because of that, users might want to save their instrument with that value in that field while that review is WIP/pending and modify the instrument later with the proper link (and then they will activate it). But I guess that, during that time, just in case, we shouldn't allow them to activate the instrument. This situation is pretty related to a ticket we filed some time ago (T384707: [DRAFT] [UX recommendation] Allow saving incomplete configuration forms) in which we were exploring cases like this. So far all the relevant fields are considered mandatory and the instrument cannot be saved if they are not filled and, once you have saved the instrument, you can simply activate it (there is nothing that prevents you from doing it except when the start date is not 24 hours in the future).

So, do we want to make an exception for this case and allow Risk assessment pending as a value and prevent users from activating the instrument until that field is set to "low/medium/high" level? If not, I guess we could ignore that value and set the field as mandatory with only the three different risk levels as allowed values.
cc @phuedx @cjming

This task has made some changes in the database, so an upgrade will need to be done when deploying this change on staging/production:

After taking a look at all the experiments registered on production, I have confirmed that all of them have been set as Low risk. Some of them have filled security_legal_review with ticket/doc to say that but it's not required so I think we can just set the right risk level and leave security_legal_review as empty.

-- Change compliance_requirements column (rename it to risk_level)
ALTER TABLE instruments CHANGE COLUMN compliance_requirements risk_level VARCHAR(255) NOT NULL;
-- Set all instruments as low risk (all published so far have been set with that risk level)
UPDATE instruments SET risk_level = 'Tier 3: Low risk';
-- Set security_legal_review as empty for all instruments (all of them are low risk so they don't need to fill this field)
UPDATE instruments SET security_legal_review = '';

Change #1181111 had a related patch set uploaded (by Santiago Faci; author: Santiago Faci):

[operations/deployment-charts@master] xLab: Deploy v0.8.3 release to staging

https://gerrit.wikimedia.org/r/1181111

Change #1181111 merged by jenkins-bot:

[operations/deployment-charts@master] xLab: Deploy v0.8.3 release to staging

https://gerrit.wikimedia.org/r/1181111

Change #1181773 had a related patch set uploaded (by Santiago Faci; author: Santiago Faci):

[operations/deployment-charts@master] xLab: Deploy v0.8.3 release to staging

https://gerrit.wikimedia.org/r/1181773

Change #1181773 merged by jenkins-bot:

[operations/deployment-charts@master] xLab: Deploy v0.8.4 release to staging

https://gerrit.wikimedia.org/r/1181773

Change #1182112 had a related patch set uploaded (by Santiago Faci; author: Santiago Faci):

[operations/deployment-charts@master] xLab: Deploy v0.8.4 release to production

https://gerrit.wikimedia.org/r/1182112

Change #1182112 merged by jenkins-bot:

[operations/deployment-charts@master] xLab: Deploy v0.8.4 release to production

https://gerrit.wikimedia.org/r/1182112

This work has been deployed and it's working as expected on production