Help:Access policies

From Wikitech
Jump to navigation Jump to search

All users of Wikimedia Cloud Services are required to abide by the Cloud Services Terms of Use.

In addition to standard in-project permissions, volunteers interested in working on the cloud infrastructure itself may apply for additional, elevated permissions.

Project Types

For the purposes of this discussion, there are four kinds of OpenStack projects:

  • "Normal" projects whose influence does not extend outside their own VMs. This is not covered in this document and is just up to the existing administrators of the project.
  • Tools: the Toolforge project
  • Cloudinfra: the project that contains services that support or act on all other VMs, including (soon) cloud-wide puppetmasters
  • "Special" projects: other projects which have wide-reaching effects on all services, e.g. ‘project-proxy’.

Access Types

There are several forms of escalated access that we can grant to users. Each should be considered a separate escalation, although in some cases there is overlap in the capabilities of each:

  • Projectadmin role in a Special project
  • Tool root: Users who need to do administrative work in Toolforge
  • Cloud-wide root: root key in labs/private, membership in the "cloudinfra" project
  • Cloud admin: membership in ‘admin’ project and/or cloudadmin on wikitech

Application Process

Volunteers can apply to have one of the above roles granted via a Phabricator ticket. This request will be communicated to the existing group of people with similar privileges and to the Trust and Safety team and a one week comment period will be observed. If there are no strong objections then anyone other than the applicant may implement the rights change. (Note that this means that a volunteer is allowed to escalate the rights of another volunteer, presuming general agreement from staff and others during the waiting period.)


In addition to the above approval process, volunteers with escalated rights must:

Expiration or Revocation of Special Rights

Special permissions may be removed for any of the following reasons:

  • End of employment with the Wikimedia Foundation (if applicable), unless the employee plans on continuing as a volunteer
  • User is idle and unreachable by other cloudadmins
  • Unapproved escalation of privileges for self or others
  • Pattern of complaint from multiple other staff or volunteers
  • Violation of the Cloud Services Terms of use
  • Request by Wikimedia Foundation legal or security staff
  • Compromised account (this will result in temporary removal of rights until the account is secured.)