⚓ T373927 Offboard Manuel (WMDE) from WMF systems

	Subject	Repo	Branch	Lines +/-
	Re-add and absent data.yaml entry for manuel-wmde	operations/puppet	production	+8 -1
	ldap: Offboard Manuel (WMDE) from WMF systems	operations/puppet	production	+3 -12

		Status	Subtype	Assigned	Task
		Resolved		andrea.denisse	T373927 Offboard Manuel (WMDE) from WMF systems
		Resolved		• bd808	T374052 Requesting administrator access for Andrea_Denisse

WMDE-leszek created this task.Tue, Sep 3, 7:21 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptTue, Sep 3, 7:21 PM

WMDE-leszek added subscribers: karapayneWMDE, Lena_WMDE.Tue, Sep 3, 7:22 PM

Maintenance_bot added a project: SRE.Tue, Sep 3, 7:29 PM

Aklapper updated the task description. (Show Details)Tue, Sep 3, 7:34 PM

andrea.denisse claimed this task.Wed, Sep 4, 12:03 AM

andrea.denisse changed the task status from Open to In Progress.Wed, Sep 4, 5:38 PM

andrea.denisse updated the task description. (Show Details)Wed, Sep 4, 5:43 PM

andrea.denisse updated the task description. (Show Details)Wed, Sep 4, 5:48 PM

Hi @Aklapper , I'm unable to remove the from the acl*Project-Admins and acl*security Phabricator groups because I'm not an administrator of those groups.
Could you please grant me administrator access to them?

img-2024-09-04-11-46-15.png (361×848 px, 28 KB)

Change #1070653 had a related patch set uploaded (by Andrea Denisse; author: Andrea Denisse):

[operations/puppet@production] ldap: Offboard Manuel (WMDE) from WMF systems

https://gerrit.wikimedia.org/r/1070653

gerritbot added a project: Patch-For-Review.Wed, Sep 4, 6:01 PM

Change #1070653 merged by Andrea Denisse:

[operations/puppet@production] ldap: Offboard Manuel (WMDE) from WMF systems

https://gerrit.wikimedia.org/r/1070653

andrea.denisse updated the task description. (Show Details)Wed, Sep 4, 6:06 PM

Maintenance_bot removed a project: Patch-For-Review.Wed, Sep 4, 6:30 PM

In T373927#10118977, @andrea.denisse wrote:

I'm unable to remove the from the acl*Project-Admins and acl*security Phabricator groups because I'm not an administrator of those groups.
Could you please grant me administrator access to them?

@andrea.denisse Hmm, I worry that it won't scale to manually both hand out administrator rights to individual SRE members and to remove them once folks moved on... Is there a strong reason why to remove a Phab account from such Phab project membership if that Phab account is disabled already anyway (obviously under the assumption that the account will remain disabled for good)?

Just for completeness, IIRC there's also emergency access via the @admin account (of course I cannot find the corresponding docs, meh).

I removed the account from the two groups for now.

• bd808 closed subtask T374052: Requesting administrator access for Andrea_Denisse as Resolved.Wed, Sep 4, 7:29 PM

In T373927#10119259, @Aklapper wrote:

In T373927#10118977, @andrea.denisse wrote:

I'm unable to remove the from the acl*Project-Admins and acl*security Phabricator groups because I'm not an administrator of those groups.
Could you please grant me administrator access to them?

@andrea.denisse Hmm, I worry that it won't scale to manually both hand out administrator rights to individual SRE members and to remove them once folks moved on... Is there a strong reason why to remove a Phab account from such Phab project membership if that Phab account is disabled already anyway (obviously under the assumption that the account will remain disabled for good)?

Just for completeness, IIRC there's also emergency access via the @admin account (of course I cannot find the corresponding docs, meh).

I removed the account from the two groups for now.

Thanks @Aklapper , as for removing a deactivated account from Phabricator's project I can't say for sure, but it was part of the checklist in the task description.