Everything Wiki talk:Interface administrators

From Everything Wiki
Jump to navigation Jump to search
0.00
(0 votes)

Implementation[edit]

Interface administrator rights were initially discussed at [1]. I'll repeat my summary comment from that discussion:

Based on the most recent description, and the (lack of) frequency of editing the user interface, this doesn't seem to be something that anyone needs on a regular basis. In a typical computing environment, users would have different accounts for different roles, only logging in as an administrator when necessary. In this environment, we have one account, but can adjust the roles when needed.

My preference is for no one to have the role on a permanent basis. I'd rather see us take one of two approaches:

  1. Interface administrator can be added on request for a short period of time (1 day or perhaps 1 week) to allow the changes to be made, and then the right expires again. It is up to the bureaucrat considering the request as to whether or not the user making the request is qualified to make the change.
  2. We can have a formal approval process for who is allowed to make user interface changes. Bureaucrats would only be able to authorize one of these users for a period of time (1 week - longer shouldn't be necessary).

There are two reasons for my hesitation to add the role permanently. 1) The role was created because this is a security risk. Accounts become compromised. The fewer rights someone has, the less risk is involved. 2) Requiring request and approval ensures that anyone wanting to make a user interface change runs their idea past a bureaucrat for review.

There have been three instances I can recall of users requesting user interface changes since the new role took effect 14 months ago. In two of the requests, the user was granted rights to make the changes. In the third request, I granted myself rights to make the change on behalf of the user. This has worked well with minimum delay and, from my perspective, proper oversight and control. I would advocate for the first option, with bureaucrats adding the role on request and a 24-hour expiration, which may be extended as needed for further testing.

Dave Braunschweig (discusscontribs) 14:47, 20 October 2019 (UTC)

Thanks for the link; I missed that thread. Above sounds good. Given how infrequent the need is we should have a simple process. --mikeu talk 17:32, 20 October 2019 (UTC)
As per discussion on Wikiversity:Request_custodian_action#Interface_admin_needed I am just adding a couple of points. As indicated by the recent request, to receive Interface Admin rights according to the WM:Meta Policy the user needs to have set up Two-factor authentication. This is because of the high security risk for this user right. On Wikispecies we have a semi permanent Interface Administrator as per Wikispecies Local Policy The user has the rights for maximum of 12 months at a time and is a highly trusted member of the Wikimedia Foundation. However, I do not think this is necessary and granting this right temporaily for a period of 24 hours to a maximum of 2 weeks is reasonable but should still be restricted to trusted users, they will usually have at least some administrative role already, demonstrate knowledge of CSS / Java whatever they are intending to do. They must also have the necessary security login as mentioned above. Cheers Scott Thomson (Faendalimas) talk 15:33, 24 October 2019 (UTC)

Musing from DannyS712[edit]

Discussions are archived for review purposes. Please start a new discussion to discuss the topic further.

Restriction on self-granting[edit]

Pinging users who participated above: {{#invoke: ping | ping }}

The policy specifies that bureaucrats should not grant themselves these rights (unless no one else is around). This be enforced at the technical level, and, if no one else is around to grant it, requests be filed with stewards. This helps to ensure that a compromised bureaucrat account doesn't cause as much damage.

If there is support for such a technical requirement, I have already written the code, and we just need to convince the developers that it would be useful; see phab:T44072.

Thoughts? --DannyS712 (discusscontribs) 06:51, 15 December 2019 (UTC)

  • Support Support yes this makes sense, crats are also accountable and there is the safety aspect for compromised account. Getting another crat or a steward to do it is not difficult. Cheers Scott Thomson (Faendalimas) talk 12:12, 15 December 2019 (UTC)
  • 15px Comment Seems like locking a screen door. It keeps honest people honest, but probably doesn't do anything in terms of improving security. A compromised account could be used to promote a secondary account very quickly. Then you have to add policies for how old is the account that is being promoted, etc. I think there's more to this than just self-granting. If WMF wants to implement this Wikimedia-wide, that's fine. But I don't see it being necessary just for Wikiversity. -- Dave Braunschweig (discusscontribs) 19:27, 15 December 2019 (UTC)


You are not allowed to post comments.