We cannot be making changes without approval and records

Changes like granting someone admin on any of our production services must follow the proper protocol. We cannot be granting people admin services we provide without filing a request, and getting the request approved by somebody else. We have cct-review for a reason.

Agree. Missing some context.

Did this happen? Why did it happen? What is the “proper protocol”?

Half of it happened.

I didn’t record giving somebody admin access to something.

I approved extending Stefan’s Google Apps admin access. Didn’t file a bug, which I should have done, but approval was given (by me) for his access, just not documented.

Not recording was improper practice, but realistically, Google Apps isn’t even ours. I took over managing it when IT pulled support for us, but this still isn’t a participation tool and it’s unclear where it’s owned. I’ll file bugs next time, but I chose not to because it was questionable who owns this.

I’d frame the need for bugs more around the need for a change record and less about policy.

2 Likes

That’s literally the opposite of what should be happening. If we don’t know who owns it, we should log everything we do with it.

Technically we don’t own it, but I think at this point we’re considered its de facto owner. If we just stopped doing anything with it, the community at large would be upset.

As for granting admin to him, I didn’t see him request it, anywhere. All I saw was him punting it to you because he didn’t have permission to do it, and then you granted him super admin. I feel that you should’ve at least consulted somebody, whether it was one of us, a remo council member, whatever. I’m not comfortable with people approving their own requests.