职员用户组
 | 本页面已经过时,但如果获得更新,它仍将有所帮助。请帮助校正、增加并修订文字以反映现状。 |
某些维基媒体基金会的受薪雇员会被加入到职员用户组。该用户组拥有一些特殊的技术或法律方面访问权。
背景
维基媒体基金会一直在评估职员用户组的成员以最小化这类极度专业工具的扩散。职员用户组的成员资格会持续不断地重新评估,以确保某一成员获得的工具是其确实所需的。当一名成员在一段时间内不再需要职员权限,或某些行为触发了风险评估时,这些重评估将是良好安全措施的一部分。
以前,是否拥有职员权限相对随意,通过咨询负责这些权限的员工决定。后来,相关处理进程已经正式化以防止滥用和误用职员权限。要获取职员权限,需要一位上级审核(意味着新部门员工需要主管级的审核,新经理需要C级审核)、��份书面的用权示例备案,定期对相关权限进行复审以确保其用权符合前述示例、一个简短的训练课程以解释相关权限的正确和错误使用和一份对职员权限附带的权限和责任的书面确认信。
以前,防止滥用的保护措施很少。现在,我们在系统内部署了许多制衡措施。例如,在英文维基百科,仲裁委员会会复审所有日志操作并与Jan(基金会负责授权的职员)讨论问题操作以确保其符合方针。在其他维基项目没有此类委员会,信任与安全(T&S)团队会审查职员行为。这已经导致了部分职员受到纪律处分,故此是措施不是空谈。
分配
职员的权限是由全域信任与安全团队负责人和负责申请员工权限的维基媒体基金会二级经理所管理。
维基媒体监管员和职员将添加或删除职员全域用户组的权限(former link),他们还将根据全域信任与安全团队负责人或其指定人员的要求,添加或删除工作人员全球用户组的用户账户。没有要求证明社区已达成共识,也没有要求证明上述要求(包括批准)。
Rationale and responsibility of advanced permissions assignment for Wikimedia Foundation staff are currently recorded in a locked Google spreadsheet. A mirror of that page can be found at WMF Advanced Permissions.
权限
下表列出了职员用户组可用的用户权限,并解释了职员必须拥有这些权限的原因。
| 用户权限 | 目的 |
|---|---|
| abusefilter-hidden-log | ... |
| abusefilter-hide-log | ... |
| abusefilter-log-detail | ... |
| abusefilter-log-private | ... |
| abusefilter-modify | ... |
| abusefilter-modify-global | ... |
| abusefilter-modify-restricted | ... |
| abusefilter-privatedetails | ... |
| abusefilter-privatedetails-log | ... |
| abusefilter-revert | ... |
| abusefilter-view | ... |
| abusefilter-view-private | ... |
| apihighlimits | phab:T293431 |
| autoconfirmed | ... |
| autopatrol | ... |
| bigdelete | At times, the T&S or technical team need the ability to delete pages with a high number of revisions for technical reasons, or for legal compliance reasons. |
| block | ... |
| blockemail | ... |
| browsearchive | ... |
| centralauth-merge | ... |
| centralauth-unmerge | ... |
| centralnotice-admin | ... |
| checkuser | The T&S team uses this right for legal compliance (subpoena, etc.) and safety reasons (investigations of threats) |
| checkuser-log | The T&S team uses this right for legal compliance (subpoena, etc.) and safety reasons (investigations of threats) |
| delete | The T&S team uses this right for legal compliance and copyright purposes. |
| deletedhistory | The T&S team uses this right for legal compliance and copyright purposes. |
| deletedtext | The T&S team uses this right for legal compliance and copyright purposes. |
| deletelogentry | The T&S team uses this right for legal compliance purposes. |
| deleterevision | The T&S team uses this right for legal compliance and copyright purposes. |
| edit | ... |
| editcontentmodel | ... |
| editinterface | The T&S team uses this right for legal compliance and copyright purposes (i.e., to change the copyright notices, etc.). Other staff members use it to support the development of other projects and technical initiatives. |
| editsitecss | ... |
| editsitejs | ... |
| editsitejson | ... |
| editusercss | This was done for a couple of reasons. First, we have had times when we saw a user insert some code in their own user.js and user.css files that really shouldn't be there, and then propagate that code out to the wikis by adding a transclusion from their own user files to, for instance, Mediawiki:Common.js of a smaller wiki, and thereby add google tracking code, for instance. This allows staff to easily (and in a logged fashion) remove such code. Second, in order to include a stylesheet for those users who hold staff rights which colors red the interface buttons for things that they really shouldn't touch without a REALLY good reason (i.e., the execute checkuser button). |
| edituserjs | |
| edituserjson | |
| extendedconfirmed | ... |
| flow-create-board | ... |
| flow-delete | ... |
| flow-edit-post | ... |
| flow-hide | ... |
| flow-suppress | ... |
| gadgets-definition-edit | ... |
| gadgets-edit | ... |
| globalblock | ... |
| globalblock-exempt | ... |
| globalblock-whitelist | ... |
| hideuser | ... |
| import | ... |
| importupload | ... |
| ipblock-exempt | ... |
| move | ... |
| move-rootuserpages | ... |
| move-subpages | ... |
| movefile | ... |
| movestable | ... |
| mwoauthmanageconsumer | ... |
| mwoauthmanagemygrants | ... |
| mwoauthproposeconsumer | ... |
| mwoauthsuppress | ... |
| mwoauthupdateownconsumer | ... |
| mwoauthviewprivate | ... |
| mwoauthviewsuppressed | ... |
| noratelimit | ... |
| nuke | ... |
| oathauth-disable-for-user | ... |
| oathauth-enable | ... |
| override-antispoof | ... |
| patrolmarks | ... |
| protect | ... |
| purge | ... |
| reupload | ... |
| reupload-shared | ... |
| review | ... |
| rollback | ... |
| sendemail | ... |
| setmentor | ... |
| skipcaptcha | ... |
| stablesettings | ... |
| suppressionlog | ... |
| suppressredirect | ... |
| suppressrevision | ... |
| tboverride | ... |
| tboverride-account | ... |
| templateeditor | ... |
| transcode-reset | ... |
| transcode-status | ... |
| unblockself | ... |
| undelete | ... |
| unwatchedpages | ... |
| upload | ... |
| upload_by_url | ... |
参见
- 当前的职员
- 职员: 全域权限 · 全域用户组(toolforge) · 成员列表 · 用户组变更日志
- 全域用户组
- 旧有提案
- 维基媒体基金会信任与安全