We need to resolve these questions related to Phabricator permissions:
Administrative
NO ONE CAN BE AN ADMINISTRATOR IN PHABRICATOR WHO HAS NOT SIGNED AN NDA.
Protected data will be accessible, and there will exist the ability to make it, accidentally or on purpose, accessible to others.
Actual Phab "administrators" are only going to be @Aklapper, mukunda?, and @rush at this time that I am aware of.
General Permissions
- Anonymous users should be able to access all the public information as read-only.
- All Users will have the simplest UI for creating and editing tasks.
Janitorial
- Advanced users needing to set priority, status and assigned fields can join acl*Batch-Editors.
- We will need an equivalent to #phabricator-request-project. Who will be members of this team?
Security
There are 4 types of security-oriented tasks at the moment, seen here:
- security-bug: 'Security or Sensitive Bug'
- ops-access-request: 'Operations Access Request'
- ops-procurement: 'Operations Procurement'
- sensitive: 'Another Private Issue'
At least two distinct groupings, and probably two parts related to OPS.
Security-Bugs
- (humans) - security bug & sensitive (which is a catchall for anything a user wants to file as a security task)
- Anyone who is in the Security project now in Bugzilla (https://bugzilla.wikimedia.org/editusers.cgi?action=list&matchvalue=login_name&matchstr=&matchtype=substr&grouprestrict=1&groupid=15)
Operations:
- (humans) - ops-access-request & ops-procurement
- anyone who is in ops for WMF (can be seen here: http://fab.wmflabs.org/diffusion/OPSPUPPET/browse/production/modules/admin/data/data.yaml;e2f229a3c104781414fdb1a2f34e5ae2632c9366$9-14)
Operations-NDA:
- (humans) - ops-access-request visible only(?)
- anyone who has signed an NDA and can see RT stuff now.
We may leave out the ops stuff at the outset so as not to cause confusion, as RT will still be in place.
As far as I know there are no other projects for which we need to completely restrict membership.
- Any other topic requiring special permissions on Day 1?