BMO/new-security-group

Adding a new security group

Creating the group

• Security groups are rarely granted explicitly into. Normally the groups membership is determined by inheritance from other groups.
• Most security groups have a related "-team" group that is used for actually granting people into. For example, noone is in the 'client-services-security' group directly. There is a 'client-services-security-team' group which is a member of the 'client-services-security' group. The individual users are placed directly into the 'client-services-security-team' group when needed. Therefore they get access to the other group as well through inheritance. Only the 'client-services-security' group should be actually visible on the bug report.
• If the group is to be used as the default security group for a product (ie. it will be used when the user checks "Many users could be harmed by this security problem: it should be kept hidden from the public until it is resolved"), it must be set to Shown/Shown.

Code changes

These steps need to be implemented by the admin when adding a new "security" group to BMO after the group has been created on BMO:

• Add code to extensions/BMO/lib/Data.pm that accomplish the following:
  • If the group is to be used as the default security group for a product, add the group to %product_sec_groups
  • If the requester wanted an automatic CC when a bug is placed into the group, update %group_to_cc_map