T303858 created a `no-ipinfo` group to revoke access to IPInfo for individual users in a given project. However, no user (except stewards because we have both `userrights` and `userrights-interwiki`) can add or remove anyone to or from that group. While for now IPInfo is not offering any data not already visible or available, this is probably not urgent, but as the IP masking project progressescan, it'd be good to determine which local group can add or remove individual users to the `no-ipinfo` group.by default, I suggest we allow administratorsadd or remove anyone to add/remove users to/or from that group via the IPInfo extension.json.
On Wikimedia wikis, stewards and some WMF staff members in privileged local or global user groups are able to. Apparently this is how the Foundation wanted it for now per [[ https://foundation.wikimedia.org/wiki/IP_Information_tool_guidelines#Removal_of_access | the guidelines ]].
While for now IPInfo is not offering any data not already visible or available, this is probably not urgent, but as the IP masking project progresses, it'd be good to determine if we want to allow local users to manage this group, and if so, which one(s).
I suggest we allow administrators to add/remove users to/from that group via the IPInfo extension.json.
Partially off-topic question: what do we do if we need to revoke an user access to IPInfo globally, across several or all Wikimedia projects? CentralAuth's global user rights, as far as I know, do //not// support a function such as `$wgRevokePermissions`, and adding the no-ipinfo group on 700+ wikis, manually, do //not// support a function such as `$wgRevokePermissions`does not scale.