Closed Bug 1271603 Opened 8 years ago Closed 8 years ago

Permission for custom queries and PII on crash-stats for ekyle

Categories

(Socorro :: General, task)

Product:
Socorro
Component:
General
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: ekyle, Assigned: peterbe)

Details

I, Kyle Lahnakoski, acknowledge the following rules are to be obeyed when dealing with Socorro and crash stats data:

* Crash dumps contain memory contents, and may contain private user data.

* Only access dumps as necessary.

* Keep them securely on Mozilla hardware.

* When finished with a dump, delete it (within 30 days)

* Do not share personal data from the dump publicly (on bugzilla, irc, etc)

* Do not share personal data with non-employees, including partner
  organizations, without consultation and explicit permission from
  Peter Bengtsson (peterbe@mozilla.com) or Lonnen (lonne@mozilla.com).
  A signed NDA and other arrangements will be required of the other organization.

* It is fine to share stack traces, analysis, and other non-personal data

* Access is conditional on employment and will be revoked upon departure from Mozilla
Adding jgriffin, my manager, to vouch for me.
(In reply to Kyle Lahnakoski [:ekyle] from comment #1)
> Adding jgriffin, my manager, to vouch for me.

I vouch for Kyle's access to this data, if that's needed.
Kyle, Thanks. You're acked. We'll take care of it. Just need to figure out our own configuration of groups.

Lonnen, Adrian; Note: We don't have  specific group for "Run Custom Queries in Super Search". 
Is it not so that having that permission is the same as viewing PII etc? If so, can we include this permission with the "Hackers" group?
Assignee: nobody → peterbe
Flags: needinfo?(adrian)
Running Custom Queries is mostly identical to viewing PII, with the added risk that there is no validation of the request, so it is possible for users to run broken queries, scripts, and so on. I'd be in favor of not adding that permission to the Hacker group, and either adding it to Hacker Plus or creating a new group.
Flags: needinfo?(adrian)
Kyle, 
With great powers comes great responsibility. 
Go to https://crash-stats.mozilla.com/profile/ to get a listing of your permissions you have now.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.