Providing access to admin with limited power to trusted users

NEW
Unassigned

Status

developer.mozilla.org
General
--
enhancement
4 years ago
4 years ago

People

(Reporter: Jeremie, Unassigned)

Tracking

Details

(Reporter)

Description

4 years ago
This bug is here to discuss how it could be possible to give more admin like privilege to our most trusted users.

Curently, it some of the feature only available in the admin interface could be interresting to be open to trusted user. This include:

* List of e-mail of users (this could be unnecessary once the on-site messaging project will land on Kuma)
* Tag management and almost everything under the "Wiki" section of the admin panel

I guess other part of the admin need to be evaluate as well, feel free to discuss them here.

In a more general sens: we need to delegate more power to some of our trusted users in order to engage them more within the decision process and life of MDN.
Agreed. We would want to evaluate everything to see what we want the staff level to have, but certainly being able to review the list of users is one of those.

I think purging the deleted pages should be super-user only, but most other wiki tasks should be available to the "staff" level.
The fewer people that can access personal information, the better.  After recent occurrences, we should be focused on tightening and not opening.  I see no reason for non-staff to have access to user emails.
(Reporter)

Comment 3

4 years ago
(In reply to David Walsh :davidwalsh from comment #2)
> The fewer people that can access personal information, the better.  After
> recent occurrences, we should be focused on tightening and not opening.  I
> see no reason for non-staff to have access to user emails.

In essence I totally agree.

The needs is: We need to grant some user (topic drivers for example) to help us engaging other users. To do that, it is necessary to keep track of contribution and give the ability to contact the contributor to thanks them. 

The right solution is definitely to move forward the on-site messaging system. Until then, what about some carful access to some trusted people?

That said, when you stated that there is "no reason for non-staff to have access to user emails", I wish to state that actually, there is also no good reason for ALL staff members to access such data. I see no reason to not granted some trusted users if we grand any staff to access such data. If security is clearly an issue here we must to be very strict and coherent, being payed staff does not guaranty anything. I already saw contributors being way more trustable and reliable than payed staff (not necessarily at Mozilla).
+1 to move PII away from ALL staff members.

Do we have a specific bug for this "contact the contributor to thanks them" feature? That's a nice, concise feature we could start scoping soon.
We need to deep dive into this subject, since it is so related to the overall communication system project which is under heavy discussion. This bug may be closed when we have more detailed bugs related to the communication system. 

We also need to file a separate bug for tag management.
Severity: normal → enhancement
The discussion about the communication system needs to include a method for users to opt out of all or parts of communication.
(Reporter)

Comment 7

4 years ago
For tag management, we already have several open bugs (the tag feature will need some serious attention at some point): bug 735783, bug 818491 or bug 818496
But if you feel it's necessary, I con open a new one.
You need to log in before you can comment on or make changes to this bug.