Allow senior staff and managers to edit Bugzilla components #7
Allow senior staff and managers to edit Bugzilla components #7
Conversation
RFC to distribute Bugzilla administration duties
|
Issue #6 |
emceeaich
changed the title
|
Suggestion: if a member of a magic group posts a bug to a particular component, could we mint and send a one-time capability URL to the reporter which would let them make the change? That way we'd have the public record of the change in the bug, and non-admin staff don't have long-lived permissions. |
|
Hmm, that's interesting 🤔
Since the non-admin staff are part of that magic group, wouldn't that count as still having a long-lived permission? It sounds like it's like a "permission proxy" such that the non-admins still have the ability to make changes, they just require one extra step (creating the bug) to perform the operation |
|
Thinking about this more: I think the "permission proxy" design would be
reasonable if it were difficult for us to restrict the components which
someone with `editcomponets` has access to. That way someone couldn't just
browse through the component editor and make one change after another. The
additional step of requesting the capability would mitigate the harm they
could do.
…On Fri, Feb 14, 2020 at 1:35 PM Mitchell Hentges ***@***.***> wrote:
Hmm, that's interesting 🤔
and non-admin staff don't have long-lived permissions.
Since the non-admin staff are part of that *magic group*, wouldn't that
count as still having a long-lived permission? It sounds like it's like a
"permission proxy" such that the non-admins still have the ability to make
changes, they just require one extra step (creating the bug) to perform the
operation
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#7?email_source=notifications&email_token=ACNND7E2Q7VURK2MU4RBEEDRC4FBRA5CNFSM4KU6M4V2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEL2QDKQ#issuecomment-586482090>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACNND7EQ5Q2EHWCAJDPKUTDRC4FBRANCNFSM4KU6M4VQ>
.
|
I don't quite understand this - the thing that sends a one-time capability URL sends it instantly, right? Stepping back a bit here, my guess is that the core issue here is that we want to restrict the amount of people that have access to the Perhaps this will be nicely resolved by the "Extend self-service capabilities" roadmap item? It sounds like that means there will be a sort of "scoped |
It doesn't have to. It could be sent to the Bugmail address of the user, or indirectly accessed through the users' profile.
That would obviate most of the need for this. |
|
To start winding up the discussion, I'd like to allow a pilot group of users to have |
|
We should ensure we have reasonable step-by-step documentation for how to make common changes. |
| # Summary | ||
|
|
||
| Grant `editcomponents` to staff engineers, senior engineering manager in Bugzilla. | ||
|
|
There was a problem hiding this comment.
You can grant editcomponents on a per-product basis using the group access controls UI of a product page.
https://bugzilla.mozilla.org/editproducts.cgi?action=editgroupcontrols&product=Core
4 participants
RFC to distribute Bugzilla administration duties