Simplify group memberships for nightwatch members

RESOLVED FIXED

Status

()

RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: mfuller, Assigned: reed)

Tracking

Production

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

6 years ago
As we chatted about today, I'm filing a bug to create the nightwatch group and simplify our bugzilla membership for security. The ultimate goal is to have a new security team member subscribe to one group (nightwatch) and have all the necessary permissions.

Here's a summary:
- Create a bugzilla group called "nightwatch." Everyone who is on the LDAP nightwatch list will be added to the bugzilla nightwatch group.
- The nightwatch bugzilla group will be added to the following groups (which have all the permissions needed):
   - client-services-security-team
   - websites-security-team
   - webtools-security-team
   - security-release-team
- Individual users who are part of the smaller groups above will be removed if they are also part of nightwatch (makes it cleaner and they're not added twice).
- When new security members are added, they only need to be added to nightwatch since that group has all the permissions they need.
(Assignee)

Updated

6 years ago
Assignee: administration → reed
Component: Administration → Administration
OS: Mac OS X → All
Product: Bugzilla → bugzilla.mozilla.org
QA Contact: default-qa
Hardware: x86 → All
Summary: Simplify Bugzilla Security Group Membership → Simplify group memberships for nightwatch members
Version: unspecified → Production
(In reply to Matt Fuller :mfuller from comment #0)
> - The nightwatch bugzilla group will be added to the following groups (which
> have all the permissions needed):
>    - client-services-security-team
>    - websites-security-team
>    - webtools-security-team
>    - security-release-team

So, instead of security-release-team, I added mozilla-services-security. security-release-team has access to Firefox security bugs and has a separate process for access granting (and folks have to be added to the website list). If dveditz wants to specifically make some exception to the rules that allows for nightwatch members to immediately get s-r-t, then he's welcome to, but that's outside my comfort zone, especially since very few of the current nightwatch members have access to those bugs currently.

Also, might be good to add bugzilla-security-team to this list, but justdave will need to approve that. A bunch of folks on nightwatch already have this permission, so I personally don't really have an issue with giving the rest of them access to see Bugzilla security bugs.

> - Individual users who are part of the smaller groups above will be removed
> if they are also part of nightwatch (makes it cleaner and they're not added
> twice).

I did that for some of the newer members, but for the super old-timers, I left their double permissions alone. Can always be cleaned-up later if needed.

Anyway, this should be done. Both mcoates and dveditz have access to bless this group.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.