From MozillaWiki
Jump to: navigation, search

Adding a new security group

Creating the group

  • Security groups are rarely granted explicitly into. Normally the groups membership is determined by inheritance from other groups.
  • Most security groups have a related "-team" group that is used for actually granting people into. For example, noone is in the 'client-services-security' group directly. There is a 'client-services-security-team' group which is a member of the 'client-services-security' group. The individual users are placed directly into the 'client-services-security-team' group when needed. Therefore they get access to the other group as well through inheritance. Only the 'client-services-security' group should be actually visible on the bug report.
  • If the group is to be used as the default security group for a product (ie. it will be used when the user checks "Many users could be harmed by this security problem: it should be kept hidden from the public until it is resolved"), it must be set to Shown/Shown.

Code changes

These steps need to be implemented by the admin when adding a new "security" group to BMO after the group has been created on BMO:

  • Add code to extensions/BMO/lib/ that accomplish the following:
    • If the group is to be used as the default security group for a product, add the group to %product_sec_groups
    • If the requester wanted an automatic CC when a bug is placed into the group, update %group_to_cc_map