User:AKlapper (WMF)/BugzillaAdminPolicy

Note: This is a draft.

This document is meant to be a base for guidelines when to hand out Bugzilla administrator rights.

Incentive
A number of people are Bugzilla administrators which have more powers than other Bugzilla users, and some bug reports cover security vulnerabilities and hence are not accessible to the public. Without guidelines both aspects can create mistrust.

General Bugzilla tasks
Membership in the Bugzilla admin group is required for the following general tasks:
 * viewing the generated SQL query by using the &debug=1 URL parameter
 * deleting attachments (instead of just marking them as private)
 * editing Bugzilla field values (maybe, there is an 'admin' check in editvalues)
 * editing the bug status workflow

This list is not necessarily complete. Thanks to Byran Jones (:glob) for input.

Specific Wikimedia configuration

 * For the specific configuration of Wikimedia Bugzilla, the insidergroup to access comments and attachments marked as private is currently defined as the admin group.
 * Bugzilla allows defining automatic group membership for X if an account is member of the group Y or if the account's email address matches a specific regex defined for a group. The admin group in Wikimedia Bugzilla does not use the default automatic group membership inclusions (tweakparams, editusers, creategroups, editcomponents, editkeywords) but instead canconfirm, editbugs, editclassifications, security as of 2013/04/19. This might need further investigation.
 * The chartgroup is not influenced. It is set to the admin group by default in Bugzilla, but in the current Wikimedia Bugzilla configuration (2013/04/19) it is set to editbugs.

Other things to keep in mind

 * editusers group membership de facto means admin group membership anyway, as an account with editusers group membership can edit his/her account to set admin group membership. editusers group membership is needed to edit (or ban/block) Bugzilla accounts, e.g. in case of violations against the code of conduct policy.

Resulting Guideline
When none of the above tasks are to be executed by a specific Bugzilla user, combining other and more specific Bugzilla group memberships is prefered to handing out admin and/or editusers group membership. If admin group membership is handed out to individuals who are not employees of the Wikimedia Foundation it is required to sign an NDA first due to legal requirements (access to security bugs).

Reasons for restricted access to comments, reports, attachments
Access to a bug report, to specific comments, or to specific attachments in Bugzilla can be restricted in case they contain:


 * Copyrighted information
 * Spam advertisements for websites or non-Wikimedia related products
 * Potentially malicious attachments
 * Insults towards other users that violate the code of conduct policy.
 * On specific request of the author: Content that makes the author appear in a bad light (e.g. accidentially posted file content) or content that reveals critical private data (e.g. private WPA key)
 * Security defects are private until a resolution has been made available (see Backporting Fixes).

Useful queries
Accessing these links might require specific Bugzilla group memberships.


 * Bugzilla users with admin group membership
 * Bugzilla users with editusers group membership