Phabricator/Permissions

Roles and permissions in phabricator.wikimedia.org.

Anonymous users
Anonymous users can view all the public information as read-only.

Registered users
Registered users can perform all the common activities: create and edit tasks, comment, upload mockups and files, edit their own profile...

Any Wikimedia SUL and any Wikimedia LDAP user can register.

Phabricator team
The bureaucratic maintenance is handled by the Phabricator team: Only the members of this team can add new members. A process to join/leave this team must be defined.
 * creation of projects
 * homepage dashboard

Security related teams
The Security group project has access to Security issues. Chris Steipp and Phabricator admins can edit the group membership.

Administrators
Administrators can do and break a lot, although in Phabricator they are not all-powerful by design. They can access to protected data (except your password), and they can make it accessible to others accidentally.

For these reasons, membership of the Administrators team is very restricted. No one can be an administrator in Phabricator without signing an NDA. A process to join/leave this team must be defined. Also see the (now obsolete) Bugzilla administrator rights policy.