Requesting URLs viewing permission for my account

VERIFIED FIXED

Status

Socorro
General
VERIFIED FIXED
3 years ago
3 years ago

People

(Reporter: aaronmt, Assigned: lonnen)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

3 years ago
Created attachment 8471776 [details]
My Permissions.png

Persona account: atrain@mozilla.com

Marc Schifer/Kevin Brosnan can vouch for me
Assignee: nobody → chris.lonnen

Comment 1

3 years ago
Marc, as Aaron's manager, can you please approve this request?

Lonnen, we should get him into the Hackers group.
Flags: needinfo?(mschifer)
I vouch for Aaron and approve.
Flags: needinfo?(mschifer)
(Assignee)

Comment 3

3 years ago
Hey Aaron --

This will give you access to PII (personally identifying info) and highly sensitive user data. There are some additional responsibilities that come with this. I'll need you to accept them before I can flip the bits for your account:

* Crash dumps contain memory contents, and may contain private user data.
* Only access dumps as necessary.
* Keep them securely on Mozilla hardware.
* When finished with a dump, delete it (within 30 days)
* Do not share personal data from the dump publicly (on bugzilla, irc, etc)
* Do not share personal data with non-employees, including partner organizations, without consultation and explicit permission from Lonnen(me). A signed NDA and other arrangements will be required of the other organization.
* It is fine to share stack traces, analysis, and other non-personal data
* Access is conditional on employment and will be revoked upon departure from Mozilla
Flags: needinfo?(aaron.train)

Comment 4

3 years ago
(In reply to Chris Lonnen :lonnen from comment #3)
> * Crash dumps contain memory contents, and may contain private user data.

Aaron doesn't need access to actual crash dumps, and I think the Hackers group members don't have or should have that (AFAIK those are still guarded by apache/LDAP, or am I wrong there?).
(Reporter)

Comment 5

3 years ago
(In reply to Chris Lonnen :lonnen from comment #3)
> Hey Aaron --
> 
> This will give you access to PII (personally identifying info) and highly
> sensitive user data. There are some additional responsibilities that come
> with this. I'll need you to accept them before I can flip the bits for your
> account:
> 
> * Crash dumps contain memory contents, and may contain private user data.
> * Only access dumps as necessary.
> * Keep them securely on Mozilla hardware.
> * When finished with a dump, delete it (within 30 days)
> * Do not share personal data from the dump publicly (on bugzilla, irc, etc)
> * Do not share personal data with non-employees, including partner
> organizations, without consultation and explicit permission from Lonnen(me).
> A signed NDA and other arrangements will be required of the other
> organization.
> * It is fine to share stack traces, analysis, and other non-personal data
> * Access is conditional on employment and will be revoked upon departure
> from Mozilla

I am only interested in URL's so that I don't need to request from other staff as Kairo mentioned. But otherwise, yes I accept.
Flags: needinfo?(aaron.train)
(Assignee)

Comment 6

3 years ago
Permissions are not so granular that we can enable just URLs for a single users. I've put you in the group with the minimum of extra permissions. URLs are sometimes personally identifiable, so think before you share them.

atrain@mozilla.com is set up with the following permissions:

Run Long Queries
View Exploitability Results
View Flash Exploitability Results
View Personal Identifiable Information
View Raw Dumps
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
(Reporter)

Updated

3 years ago
Status: RESOLVED → VERIFIED

Comment 7

3 years ago
(In reply to Chris Lonnen :lonnen from comment #6)
> View Raw Dumps

Yes, confusingly, that's something else than the "Crash dump" in your comment #3 points.

The permission here gives access to the processed information in the UI (which is a limited set produced by the processor out of the minidump), while the dumps in the first 4 points of comment #3 are the actual minidumps (point #5 applies to some of the information that is available in the UI as well, and the later ones do as well, of course).
You need to log in before you can comment on or make changes to this bug.