Last modified: 2013-05-26 14:01:42 UTC
This problem came up in bug 48323 comment 4. Current situation: Marking specific comments and attachments in Bugzilla as private, and accessing comments and attachments marked as private require membership in the "insidergroup" group (which does not allow manual membership but can only be set to another existing Bugzilla group). The insidergroup group is currently set to the admin group in the Wikimedia Bugzilla configuration. General info: http://www.bugzilla.org/features/#private Problem: Sometimes trusted non-admin users want to hide a comment if it contains private info. So far reports were moved to the "Security" Bugzilla product which is unreasonable as the issue covered might not be a security issue and as it blocks access to the complete bug report instead of the specific comment only. Solution: Create a new Bugzilla group "privatecomments". Make members of "admin" and "security" group automatically members of the "privatecomments" group. (This new group will also allow adding individuals manually to the "privatecomments" group.) Set the insidergroup in the Bugzilla configuration to "privatecomments".
Does this need any sort of legal approval?
I increase the number of people who can mark and access private comments and attachments by currently 14 people (number of users in security group but not in admin group) who are considered trusted already: Admins can access these comments and attachments as before, but now also people which had and have access to security bugs and access these. Personally I don't see a need for legal approval here, but if there is, I can easily revert this change.
Testing by adding a private comment (which is still possible for me now that I have applied the proposed changes), and then trying to access it via a second testing account of mine with "average" rights.
Unmarking comment 3 as private, seems to work.
Users who gain the new right but don't have access to the Security product will effectively gain access to private data they didn't have access to before. Hence the legal issue.
Admins have access to the Security product by default (as "admin" group membership inherits membership in the "security" group), and people who are no admins but members of the "security" group in Bugzilla have access to the Security product anyway. So there are no people who gain this new right but cannot access the Security product. Members of the "admin" and "security" groups are automatically members of the new "privatecomments" group, but people manually added to the "privatecomments" group (none so far, and no plans to do so) do not automatically gain access to tickets filed in the Security product. In order to manually add people to the "privatecomments" group, a member of either the "admin" or "editusers" group would be needed. And admins should be trusted people anyway. Does that sort out the raised concerns, or do I misunderstand something? (And thanks for the quick comments here, really appreciated!)
(In reply to comment #6) > Members of the "admin" and "security" groups are automatically members of the > new "privatecomments" group, but people manually added to the > "privatecomments" > group (none so far, and no plans to do so) do not automatically gain access > to > tickets filed in the Security product. This is where I thought legal approval would be needed. As long as people aren't added to the privatecomments group without being a member of the admin or security group, there shouldn't be a legal issue. There are some bugs that are not in the Security product that have private comments so people in the "security" group would now be able to see these comments, but this is less of an issue to me. > In order to manually add people to the "privatecomments" group, a member of > either the "admin" or "editusers" group would be needed. And admins should be > trusted people anyway. I agree that admins are trusted, but if people are manually added to the "privatecomments" group then they may need to be approved by Legal for the reasons stated by Jarry above. Perhaps an email to admins letting them know that they shouldn't add people to this group without legal approval would be a good idea?
Technically I cannot disable adding users manually to this group, but I've added "DO NOT MANUALLY ADD MEMBERS TO THIS GROUP WITHOUT LEGAL APPROVAL" to the group description. I hope that is sufficient and an acceptable workaround, plus Bugzilla allows (since 4.2) taking a look at user account histories (e.g. to see who gave permissions to who and when). As explained in comment 0, there seems to be a need that trustworthy Bugzilla users (e.g. security group) can mark specific comments/attachments as private without having to be part of the "admin" group, and the way I've set this up now (see comment 0) seems to be an acceptable trade-off. Again, thanks everybody for the input here! Highly appreciated and helpful.
