89
edits
Changes
→Managing Org Ownership permissions: Added link specifying what ownership vs. membership gets you.
== Managing Org Ownership permissions ==
One of the known security changes we're working to implement is to limit the number of people with org owner permissions wherever possible. As part of induction, we'll be reaching out to the people with owner permissions and asking if they need this (at all, and in light of the duties that IT is now taking on)
* Owners in GitHub have complete "root" level rights to every repository and to all setting in the org, so limiting this to "definitely needed" cases is the desire.
* There are auth0, and duo and GHE costs related to keeping them, and various bits of upkeep - so we would like to remove them where feasible.
* Any remaining org owners will be required to have a "root" account, separate from their "daily driver" or "mortal" account.
For more information on what ownership vs membership roles are, [https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#permissions-for-organization-roles this] link from GitHub outlines that. Note that if the desire is simply to have full access to all repositories in the org, we can do that without ownership rights.
== Ways to Reach IT ==
* Bugzilla - Please don't mark it as fully confidential without cc'ing in someone from the ghe-admins@ group. https://bugzilla.mozilla.org/enter_bug.cgi?product=mozilla.org&component=Github%3A+Administration
