I am not @MLechvien-WMF's manager (adding @Kappakayala for that) but as a fellow manager in SRE, +1ing his request as we discussed it in a video call.

Confirming @MLechvien-WMF has Phab 2fa enabled. @Kappakayala and @MLechvien-WMF - would you be able to provide a bit more detail about the need for this request? e.g. specific lines of work and Phabricator task examples that @MLechvien-WMF need access to? Thanks.

As the new manager of SRE/ServiceOps, there are tasks that are referenced/discussed in my day to day work and I can't access them because I am not part of acl_security.

I will also need to have this access to look up and follow tasks such as https://phabricator.wikimedia.org/T355949

Thanks

More example of bugs I can't access to:

• https://phabricator.wikimedia.org/T401695 eqsin upload issues timeout
• https://phabricator.wikimedia.org/T406119 thumbor overloaded

In T412120#11454151, @MLechvien-WMF wrote:

More example of bugs I can't access to:

• https://phabricator.wikimedia.org/T401695 eqsin upload issues timeout
• https://phabricator.wikimedia.org/T406119 thumbor overloaded

Those are both filed by @corto -- perhaps we could have a Herald rule that auto-subscribes relevant users? Once you're subscribed, you can view those tasks.

In T412120#11454221, @kostajh wrote:

In T412120#11454151, @MLechvien-WMF wrote:

More example of bugs I can't access to:

• https://phabricator.wikimedia.org/T401695 eqsin upload issues timeout
• https://phabricator.wikimedia.org/T406119 thumbor overloaded

Those are both filed by @corto -- perhaps we could have a Herald rule that auto-subscribes relevant users? Once you're subscribed, you can view those tasks.

... or at least, that's how I thought it worked. After adding @MLechvien-WMF, phab says "No View Permission" for that user in the "Subscribers" list

In T412120#11454221, @kostajh wrote:

perhaps we could have a Herald rule that auto-subscribes relevant users?

I'd note that this would add an extra layer of complexity that would need to become part of various audit, on/offboarding, etc. processes. Introducing new mechanisms like this has a non-zero cost.

@MLechvien-WMF - We're still waiting on final approval to add you to the acl*security_sre.

In T412120#11454228, @kostajh wrote:

... or at least, that's how I thought it worked. After adding @MLechvien-WMF, phab says "No View Permission" for that user in the "Subscribers" list

The task's View Policy is members of acl*security. The task's View Policy is not members of acl*security or tasks subscribers.

Hi,

Is there any update on this request?

Please let me know if anything else is needed from my end.

Thanks!

In T412120#11459166, @MLechvien-WMF wrote:

Is there any update on this request?

Please let me know if anything else is needed from my end.

Should have an answer soon, thanks for your patience (cc: @EMill-WMF, @Rsilvola)

@MLechvien-WMF This is approved - as @sbassett said, thanks for your patience.

Thanks. However I still get access denied when accessing the example bugs I linked:

• https://phabricator.wikimedia.org/T355949
• https://phabricator.wikimedia.org/T401695 eqsin upload issues timeout
• https://phabricator.wikimedia.org/T406119 thumbor overloaded

Is there anything specific I should do for this approval to be propagated?

Thanks, all works now!