Last modified: 2013-05-26 14:01:42 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and kept for historical purposes. It is not possible to log in; apart from displaying bug reports and their history, links might be broken. See T50836, the corresponding Phabricator task, for complete and up-to-date bug report information.
Bug 48836 - Make it possible for specific non-admin Bugzilla users to hide specific Bugzilla comments
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
Component: Bugzilla (Other open bugs)
Version: wmf-deployment
Hardware: All
OS: All
Priority: High
Severity: normal
Assigned To: Andre Klapper
Reported: 2013-05-26 12:29 UTC by Andre Klapper
Modified: 2013-05-26 14:01 UTC
CC List: 3 users


Description Andre Klapper 2013-05-26 12:29:35 UTC
This problem came up in bug 48323 comment 4.


Current situation:

Marking specific comments and attachments in Bugzilla as private, and accessing comments and attachments marked as private require membership in the "insidergroup" group (which does not allow manual membership but can only be set to another existing Bugzilla group). 
The insidergroup group is currently set to the admin group in the Wikimedia Bugzilla configuration.
General info: http://www.bugzilla.org/features/#private

Problem:

Sometimes trusted non-admin users want to hide a comment if it contains private info. So far reports were moved to the "Security" Bugzilla product which is unreasonable as the issue covered might not be a security issue and as it blocks access to the complete bug report instead of the specific comment only.

Solution:

Create a new Bugzilla group "privatecomments". Make members of "admin" and "security" group automatically members of the "privatecomments" group. (This new group will also allow adding individuals manually to the "privatecomments" group.) Set the insidergroup in the Bugzilla configuration to "privatecomments".
Comment 1 Thehelpfulone 2013-05-26 12:32:06 UTC
Does this need any sort of legal approval?
Comment 2 Andre Klapper 2013-05-26 12:49:37 UTC
I increase the number of people who can mark and access private comments and attachments by currently 14 people (the number of users in the security group but not in the admin group), who are considered trusted already:
Admins can access these comments and attachments as before, but now people who had and have access to security bugs can also access these.
Personally I don't see a need for legal approval here, but if there is, I can easily revert this change.
Comment 3 Andre Klapper 2013-05-26 12:52:13 UTC
Testing by adding a private comment (which is still possible for me now that I have applied the proposed changes), and then trying to access it via a second testing account of mine with "average" rights.
Comment 4 Andre Klapper 2013-05-26 12:53:12 UTC
Unmarking comment 3 as private, seems to work.
Comment 5 Jarry1250 2013-05-26 12:54:49 UTC
Users who gain the new right but don't have access to the Security product will effectively gain access to private data they didn't have access to before. Hence the legal issue.
Comment 6 Andre Klapper 2013-05-26 13:04:34 UTC
Admins have access to the Security product by default (as "admin" group membership inherits membership in the "security" group), and people who are not admins but are members of the "security" group in Bugzilla have access to the Security product anyway. So there are no people who gain this new right but cannot access the Security product.

Members of the "admin" and "security" groups are automatically members of the new "privatecomments" group, but people manually added to the "privatecomments" group (none so far, and no plans to do so) do not automatically gain access to tickets filed in the Security product.
In order to manually add people to the "privatecomments" group, a member of either the "admin" or "editusers" group would be needed. And admins should be trusted people anyway.


Does that sort out the raised concerns, or do I misunderstand something?

(And thanks for the quick comments here, really appreciated!)
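A small model of the group inheritance set up in the description and of the access argument made in comment 6, as an added example (this is not Bugzilla's own code). The user names and the manually added member are constructed sample data; the inheritance table encodes only the rules stated in this bug.

```python
from typing import Dict, Set

# Constructed sample data (not from the bug): direct group memberships.
DIRECT_MEMBERS: Dict[str, Set[str]] = {
    "admin": {"andre"},
    "security": {"andre", "jarry"},   # jarry is in security but not admin
    "privatecomments": set(),          # nobody added manually (comment 6)
}

# Inheritance as described in the bug: members of the key group are
# automatically members of every group in its value set.
INHERITS: Dict[str, Set[str]] = {
    "admin": {"security", "privatecomments"},
    "security": {"privatecomments"},
}


def effective_groups(user: str, direct=DIRECT_MEMBERS, inherits=INHERITS) -> Set[str]:
    """Transitive closure of the groups a user is in, directly or by inheritance."""
    groups = {g for g, members in direct.items() if user in members}
    todo = list(groups)
    while todo:
        for parent in inherits.get(todo.pop(), ()):
            if parent not in groups:
                groups.add(parent)
                todo.append(parent)
    return groups


def can_see_private_comments(user: str, insidergroup: str,
                             direct=DIRECT_MEMBERS, inherits=INHERITS) -> bool:
    """Private comments/attachments are visible only to insidergroup members."""
    return insidergroup in effective_groups(user, direct, inherits)


def can_see_security_product(user: str, direct=DIRECT_MEMBERS, inherits=INHERITS) -> bool:
    """Tickets in the Security product are restricted to the security group."""
    return "security" in effective_groups(user, direct, inherits)


def audit_insidergroup_change(old="admin", new="privatecomments",
                              direct=DIRECT_MEMBERS, inherits=INHERITS) -> Set[str]:
    """Users who gain private-comment access when insidergroup moves from old
    to new but cannot see the Security product (the concern in comments 5/6).
    Empty unless someone was added to privatecomments manually."""
    users = set().union(*direct.values())
    gained = {u for u in users
              if can_see_private_comments(u, new, direct, inherits)
              and not can_see_private_comments(u, old, direct, inherits)}
    return {u for u in gained if not can_see_security_product(u, direct, inherits)}
```

Running the audit on the configuration as described returns an empty set; adding a user directly to "privatecomments" makes that user show up, which is exactly the case the group description warns against.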
Comment 7 Thehelpfulone 2013-05-26 13:13:39 UTC
(In reply to comment #6)
> Members of the "admin" and "security" groups are automatically members of the
> new "privatecomments" group, but people manually added to the "privatecomments"
> group (none so far, and no plans to do so) do not automatically gain access to
> tickets filed in the Security product.

This is where I thought legal approval would be needed. As long as people aren't added to the privatecomments group without being a member of the admin or security group, there shouldn't be a legal issue. 

There are some bugs that are not in the Security product that have private comments so people in the "security" group would now be able to see these comments, but this is less of an issue to me.

> In order to manually add people to the "privatecomments" group, a member of
> either the "admin" or "editusers" group would be needed. And admins should be
> trusted people anyway.

I agree that admins are trusted, but if people are manually added to the "privatecomments" group then they may need to be approved by Legal for the reasons stated by Jarry above. Perhaps an email to admins letting them know that they shouldn't add people to this group without legal approval would be a good idea?
Comment 8 Andre Klapper 2013-05-26 14:01:42 UTC
Technically I cannot disable adding users manually to this group, but I've added "DO NOT MANUALLY ADD MEMBERS TO THIS GROUP WITHOUT LEGAL APPROVAL" to the group description.
I hope that is sufficient and an acceptable workaround; plus, Bugzilla allows (since 4.2) taking a look at user account histories (e.g. to see who gave permissions to whom and when).

As explained in comment 0, there seems to be a need that trustworthy Bugzilla users (e.g. security group) can mark specific comments/attachments as private without having to be part of the "admin" group, and the way I've set this up now (see comment 0) seems to be an acceptable trade-off.

Again, thanks everybody for the input here! Highly appreciated and helpful.
