source: trunk/locker/doc/scripts-admin-use-policy @ 1279

Last change on this file since 1279 was 1026, checked in by quentin, 14 years ago
Import doc directory from locker
File size: 2.3 KB
1                                                                      2008-03-15
2                                                              amended 2008-08-05
3Policy on the Use of Administrative Rights
5Users of have a reasonable expectation that the data
6and code they store on our servers, and in sections of their locker
7accessible only by our servers, will not be improperly accessed or
8modified by anyone else, including by maintainers.  To
9fulfill this expectation, we define a policy governing the
10maintainers’ use of special permissions and credentials held by our
11servers.  This includes any administrative access to the scripts
12servers, any use of private keys stored on the servers, and any use of
13scripts-specific permissions granted on locker directories.
15Such use of administrative rights shall only be permitted under any of
16the following circumstances.
18* Maintenance of the service itself that is unrelated
19  to private user data.
21* Any access that is explicitly authorized by the owners of the data
22  in question.
24* Handling a user support request that cannot be satisfactorily answered
25  without resorting to using administrative rights. This access should
26  be restricted to only those files and resources that are strictly
27  necessary to fully answer the request.
29* Performing upgrades to autoinstalled software, using permissions
30  granted to the system:scripts-security-upd group.  This group is
31  normally empty, but the root instances of scripts maintainers will
32  be added when needed to perform upgrades, at the discretion of the
33  architect.
35* Modifications that are necessary for server security or reliability.
36  In this case, any modifications should be clearly marked and the
37  user should be contacted.
39* Ensuring that updates or planned updates to the
40  service do not break existing user deployments.  In this case, any
41  modifications should be clearly marked and the user should be
42  contacted.
44[The third clause formerly read
45* Handling a user support request that can reasonably be considered an
46  implicit authorization for that use.  In this case, whenever
47  possible, any modifications should be reverted and the user should
48  be told how to make these modifications themselves.
49and was changed in August 2008.]
Note: See TracBrowser for help on using the repository browser.