Audit Google account access #389
Comments
|
Totally! Is there a single source of truth for Google access records? I know that, at least for Zoom accounts, we don't have that. Brian has been starting to systematize that with some shared LastPass vaults. |
|
If it's just the Google Youtube account then through the UI you can see the list of people who have access. |
|
Ok so, here's the list(s) by role, updated as of 26/07/2019: "Primary Owner"
Owner
Manager
Removed
|
|
I might not have gotten everything correct there so please feel free to edit it (but update the date if you do). I think we can start some clean-up by:
|
@BethGriggs runs the Release WG meetings. |
|
cc @nodejs/tsc @nodejs/community-committee |
|
uttampawar uses the access for Benchmarking WG meetings. +1 to removing all of the "former"s and the deactivated account. Maybe ping anyone with a ? after a few more days before removing them. |
|
I think @boneskull uses it for the Tooling meetings but I could be wrong. |
|
Rachel Romoff is from LF and participates in most of CommComm meetings. I'm not sure which meetings they host. |
|
yep I use it for tooling group meetings |
Same! +1. |
|
Update a few based on what I know. +1 to
|
|
Ok I removed the following people:
|
|
Does anyone know if these people presently need access?
|
|
You can keep Todd Benzies and delete Sarah Conway. Thank you! |
|
Ok, did that. |
|
Neither Eldar Djafarov or Timothy Arthur appear to be members of the Node.js github org, so I plan to also remove them. Should we let them know somehow? Ditto for Lara Taback but also I can't find her github / any way to contact her. (The interface does not expose google email addresses, unfortunately.) |
|
I think Laura used to work at the Foundation, but I don't think I've talked to her in quite a while. I think removing should be ok. |
|
Is there any further steps here? If so, what are they? If not, can we close this? |
|
This kind of audit should be done yearly at least, imo. I can be removed from the google account now too. |
It will probably be forgotten unless it is made someone's responsibility. "An audit will happen yearly" means it probably won't happen. "The CommComm Chair will perform an audit or identify someone to perform an audit in June of every year" is more likely to actually happen. The question is: Who is the best person or people to take on this duty? Foundation folks? CommComm? TSC? Someone else? |
|
Applied TSC and CommComm agenda labels but they can of course be removed if some resolution happens in the tracker. The question I'm hoping to get an answer to is in my comment above and reproduced here:
|
|
I think adding it to the list of things for either the CommComm or TSC chair makes sense. I think it should be up to whoever we choose, to ensure it happens either by finding a volunteer or doing it themselves. |
|
@brianwarner volunteered to take this on if we want the foundation to take this on. |
|
@nodejs/community-committee are you ok with @brianwarner/foundation handling this? |
|
Proposed process from the TSC meeting:
|
|
+1 to the suggested process. |
|
Generated list of people to be removed, confirmed with Tierney and did the removal. Closing. |
I dunno if anyone's kept up exactly but, a lot of people have access to the google account, which hosts the youtube, etc.
We should audit who still need access because there must be upwards of 30 or so people by now, which could pose a liability.
The text was updated successfully, but these errors were encountered: