Obviously yurik, being the service owner of graphoid needs to be able:
- to issue restarts to the service
- assume the uid of the service itself for debugging
- read the log file of the service locally should be need arise. (logstash should be preferred though)
https://phabricator.wikimedia.org/rOPUPa3c7cb9b9f6e14bf52383a7845ab9fd1ea66d97f added the necessary rights but they have not been yet assigned to the SCA cluster. For this to happen https://gerrit.wikimedia.org/r/#/c/208998/ needs to be merged. This is sudo access so deferring to the ops meeting on Monday.