Adding a new security group
Creating the group
- Security groups are rarely granted explicitly into. Normally the groups membership is determined by inheritance from other groups.
- Most security groups have a related "-team" group that is used for actually granting people into. For example, noone is in the 'client-services-security' group directly. There is a 'client-services-security-team' group which is a member of the 'client-services-security' group. The individual users are placed directly into the 'client-services-security-team' group when needed. Therefore they get access to the other group as well through inheritance. Only the 'client-services-security' group should be actually visible on the bug report.
- If the group is to be used as the default security group for a product (ie. it will be used when the user checks "Many users could be harmed by this security problem: it should be kept hidden from the public until it is resolved"), it must be set to Shown/Shown.
These steps need to be implemented by the admin when adding a new "security" group to BMO after the group has been created on BMO:
- Add code to extensions/BMO/lib/Data.pm that accomplish the following:
- If the group is to be used as the default security group for a product, add the group to %product_sec_groups
- If the requester wanted an automatic CC when a bug is placed into the group, update %group_to_cc_map