Change Details

This is a new access request for @ehughes. They require the following access: (mark each box with an x) [ ] civicrm web access [ ] standard access [ ] donor services access [x] ssh access - if specific hosts: `frdev1001` [x] mysql - if specific hosts or databases: `list here` [x] superset [ ] other: `please explain` Thank you! --- == New User Procedure / Checklist == When adding a new user to the fundraising / fr-tech ecosystem, we have a set of places where we need to create accounts and access. === Prerequisites === Before we can take any action to add a user, we need to verify that they are authorized to have such access. This requires confirmation from their manager and approval from the C level that access is approved. ==== [x] user_verification ==== Requires: user request [x] access_rights: letter to C level (currently Lisa) verifying grant of access [x] account name/contact info: verify on https://collab.wikimedia.org/wiki/Fundraising#Contact_List === Accounts and Services === ==== [ ] user account ==== Requires: user_verification [ ] Add the user to the users.yaml and group_members.yaml files as appropriate. [ ] Push out puppet changes. ==== [ ] yubikey ==== Requires: useraccount and ITS request to send out yubikey to user [ ] physical: Make a request to ITS to have a key sent to the user [ ] account_setup: Get public side and add to puppet-private/manifests/passwords/yubico.pp [ ] follow_on: Make sure user can use yubikey for ssh access ==== [ ] ssh ==== Requires: useraccount and yubikey [ ] key_setup: Send template/docs for generating keypair and ~/.ssh/config file [ ] account_setup: Get public side and add to puppet-private/secrets/ssh/default/$username [ ] follow_on: Verify user can ssh using correct creds and passphrases when needed. ==== [ ] mysql ==== Requires: useraccount, yubikey, ssh [ ] account_setup [ ] Create user block in ~/puppet-private/secrets/mysql_grants/fundraising_qa [ ] Ensure user is in correct blocks for select rights on dbs. - Generally use another user in same group as a guide [ ] Run the grant script to get the grants. [ ] Copy/paste to execute the grants on appropriate dbs. [ ] Create the user a ~/.my.cnf file with the original password from account creation. [ ] follow_on: Verify user can ssh to the required host and log in to mysql.

This is a new access request for @ehughes. They require the following access: (mark each box with an x) [ ] civicrm web access [ ] standard access [ ] donor services access [x] ssh access - if specific hosts: `frdev1001` [x] mysql - if specific hosts or databases: `list here` [x] superset [ ] other: `please explain` Thank you! --- == New User Procedure / Checklist == When adding a new user to the fundraising / fr-tech ecosystem, we have a set of places where we need to create accounts and access. === Prerequisites === Before we can take any action to add a user, we need to verify that they are authorized to have such access. This requires confirmation from their manager and approval from the C level that access is approved. ==== [x] user_verification ==== Requires: user request [x] access_rights: letter to C level (currently Lisa) verifying grant of access [x] account name/contact info: verify on https://collab.wikimedia.org/wiki/Fundraising#Contact_List === Accounts and Services === ==== [x] user account ==== Requires: user_verification [x] Add the user to the users.yaml and group_members.yaml files as appropriate. [x] Push out puppet changes. ==== [ ] yubikey ==== Requires: useraccount and ITS request to send out yubikey to user [x] physical: Make a request to ITS to have a key sent to the user [x] account_setup: Get public side and add to puppet-private/manifests/passwords/yubico.pp [ ] follow_on: Make sure user can use yubikey for ssh access ==== [ ] ssh ==== Requires: useraccount and yubikey [x] key_setup: Send template/docs for generating keypair and ~/.ssh/config file [ ] account_setup: Get public side and add to puppet-private/secrets/ssh/default/$username [ ] follow_on: Verify user can ssh using correct creds and passphrases when needed. ==== [ ] mysql ==== Requires: useraccount, yubikey, ssh [ ] account_setup [ ] Create user block in ~/puppet-private/secrets/mysql_grants/fundraising_qa [ ] Ensure user is in correct blocks for select rights on dbs. - Generally use another user in same group as a guide [ ] Run the grant script to get the grants. [ ] Copy/paste to execute the grants on appropriate dbs. [ ] Create the user a ~/.my.cnf file with the original password from account creation. [ ] follow_on: Verify user can ssh to the required host and log in to mysql.

This is a new access request for @ehughes. They require the following access: (mark each box with an x) [ ] civicrm web access [ ] standard access [ ] donor services access [x] ssh access - if specific hosts: `frdev1001` [x] mysql - if specific hosts or databases: `list here` [x] superset [ ] other: `please explain` Thank you! --- == New User Procedure / Checklist == When adding a new user to the fundraising / fr-tech ecosystem, we have a set of places where we need to create accounts and access. === Prerequisites === Before we can take any action to add a user, we need to verify that they are authorized to have such access. This requires confirmation from their manager and approval from the C level that access is approved. ==== [x] user_verification ==== Requires: user request [x] access_rights: letter to C level (currently Lisa) verifying grant of access [x] account name/contact info: verify on https://collab.wikimedia.org/wiki/Fundraising#Contact_List === Accounts and Services === ==== [ x] user account ==== Requires: user_verification [ x] Add the user to the users.yaml and group_members.yaml files as appropriate. [ x] Push out puppet changes. ==== [ ] yubikey ==== Requires: useraccount and ITS request to send out yubikey to user [ x] physical: Make a request to ITS to have a key sent to the user [ x] account_setup: Get public side and add to puppet-private/manifests/passwords/yubico.pp [ ] follow_on: Make sure user can use yubikey for ssh access ==== [ ] ssh ==== Requires: useraccount and yubikey [ x] key_setup: Send template/docs for generating keypair and ~/.ssh/config file [ ] account_setup: Get public side and add to puppet-private/secrets/ssh/default/$username [ ] follow_on: Verify user can ssh using correct creds and passphrases when needed. ==== [ ] mysql ==== Requires: useraccount, yubikey, ssh [ ] account_setup [ ] Create user block in ~/puppet-private/secrets/mysql_grants/fundraising_qa [ ] Ensure user is in correct blocks for select rights on dbs. - Generally use another user in same group as a guide [ ] Run the grant script to get the grants. [ ] Copy/paste to execute the grants on appropriate dbs. [ ] Create the user a ~/.my.cnf file with the original password from account creation. [ ] follow_on: Verify user can ssh to the required host and log in to mysql.