Change Details

**What will be logged** When election admins access voter data (T270342): * Who accessed the voter data * Which election * Timestamp When admins are added to or removed from an election (T270313): * Which election was the new admin added/removed for * Who added the new admin * Username for the new admin * Which action was performed (addition/removal/something else?) * Timestamp for this action **Proposed table structure** Table: securepoll_log Columns: spl_id (primary key) spl_timestamp spl_election_id (securepoll_elections.el_entity) spl_actor (actor ID of admin) spl_type (similar to cu_log.cul_type, e.g. 'accessdata', 'addadmin', 'removeadmin') spl_target (actor ID of admin target, for 'addadmin' and 'removeadmin' only) Ideally we'd be ale to filter by election, performer, type, target and timestamp (T271268#6730209). I expect we'll want to sort by timestamp, so we'll need an index for that. Do we also need an index for each field that we filter by? (If so, do we need choose fewer fields that can be filtered?) **Usage expectations** We expect this table to be small, given the current use of SecurePoll. If SecurePoll is used for more types of elections in the future, the number of elections per year would increase. Everything below is based on the SecurePoll's current useage. Assumptions (erring on overestimating): * 2-3 elections a year (based on https://vote.wikimedia.org/w/index.php?title=Special%3ASecurePoll) * 20 admins per election * each admin gets added and removed once * each admin looks up data 10 times * the logging feature will only be enabled on votewiki, so the table will only be on votewiki (and testwiki) * the table contains no private data, so can be public Expectations for the table based on these assumptions (questions taken from T260372#6482475): * Size of the table (number of rows expected): <250 per election * Expected growth per year (number of rows): hundreds * Expected writes to the table (per minute, per hour...per day, any of those are ok): <10 per day * Expected amount of reads: <10 per day * Can this table be public or private (so we know if it can be replicated to our public cloud infra or it needs to be filtered): public * The release plan for the feature (are there specific wikis you'd like to test first etc): Test on the beta cluster first, followed by testwiki and then the rest of the wikis. **Related investigations** {T270313} {T270342}

**What will be logged** When election admins access voter data (T270342): * Who accessed the voter data * Which election * Timestamp When admins are added to or removed from an election (T270313): * Which election was the new admin added/removed for * Who added the new admin * Username for the new admin * Which action was performed (addition/removal/something else?) * Timestamp for this action **Proposed table structure** Table: securepoll_log Columns: spl_id (primary key) spl_timestamp spl_election_id (securepoll_elections.el_entity) spl_actor (actor ID of admin) spl_type (similar to cu_log.cul_type, e.g. 'accessdata', 'addadmin', 'removeadmin') spl_target (actor ID of admin target, for 'addadmin' and 'removeadmin' only) Ideally we'd be ale to filter by election, performer, type, target and timestamp (T271268#6730209). I expect we'll want to sort by timestamp, so we'll need an index for that. Do we also need an index for each field that we filter by? (If so, do we need choose fewer fields that can be filtered?) **Usage expectations** We expect this table to be small, given the current use of SecurePoll. If SecurePoll is used for more types of elections in the future, the number of elections per year would increase. Everything below is based on the SecurePoll's current useage. Assumptions (erring on overestimating): * 2-3 elections a year (based on https://vote.wikimedia.org/w/index.php?title=Special%3ASecurePoll) * 20 admins per election * each admin gets added and removed once * each admin looks up data 10 times * the logging feature will only be enabled on votewiki, so the table will only be on votewiki (and beta wikis, testwiki) * the table contains no private data, so can be public Expectations for the table based on these assumptions (questions taken from T260372#6482475): * Size of the table (number of rows expected): <250 per election * Expected growth per year (number of rows): hundreds * Expected writes to the table (per minute, per hour...per day, any of those are ok): <10 per day * Expected amount of reads: <10 per day * Can this table be public or private (so we know if it can be replicated to our public cloud infra or it needs to be filtered): public * The release plan for the feature (are there specific wikis you'd like to test first etc): Test on the beta cluster first, followed by testwiki and then the rest of the wikis. **Related investigations** {T270313} {T270342}

**What will be logged** When election admins access voter data (T270342): * Who accessed the voter data * Which election * Timestamp When admins are added to or removed from an election (T270313): * Which election was the new admin added/removed for * Who added the new admin * Username for the new admin * Which action was performed (addition/removal/something else?) * Timestamp for this action **Proposed table structure** Table: securepoll_log Columns: spl_id (primary key) spl_timestamp spl_election_id (securepoll_elections.el_entity) spl_actor (actor ID of admin) spl_type (similar to cu_log.cul_type, e.g. 'accessdata', 'addadmin', 'removeadmin') spl_target (actor ID of admin target, for 'addadmin' and 'removeadmin' only) Ideally we'd be ale to filter by election, performer, type, target and timestamp (T271268#6730209). I expect we'll want to sort by timestamp, so we'll need an index for that. Do we also need an index for each field that we filter by? (If so, do we need choose fewer fields that can be filtered?) **Usage expectations** We expect this table to be small, given the current use of SecurePoll. If SecurePoll is used for more types of elections in the future, the number of elections per year would increase. Everything below is based on the SecurePoll's current useage. Assumptions (erring on overestimating): * 2-3 elections a year (based on https://vote.wikimedia.org/w/index.php?title=Special%3ASecurePoll) * 20 admins per election * each admin gets added and removed once * each admin looks up data 10 times * the logging feature will only be enabled on votewiki, so the table will only be on votewiki (and beta wikis, testwiki) * the table contains no private data, so can be public Expectations for the table based on these assumptions (questions taken from T260372#6482475): * Size of the table (number of rows expected): <250 per election * Expected growth per year (number of rows): hundreds * Expected writes to the table (per minute, per hour...per day, any of those are ok): <10 per day * Expected amount of reads: <10 per day * Can this table be public or private (so we know if it can be replicated to our public cloud infra or it needs to be filtered): public * The release plan for the feature (are there specific wikis you'd like to test first etc): Test on the beta cluster first, followed by testwiki and then the rest of the wikis. **Related investigations** {T270313} {T270342}