User groups

From Meta, a Wikimedia project coordination wiki
Jump to: navigation, search

Other languages:
العربية • ‎dansk • ‎Deutsch • ‎English • ‎British English • ‎español • ‎eesti • ‎euskara • ‎français • ‎galego • ‎עברית • ‎Հայերեն • ‎italiano • ‎日本語 • ‎한국어 • ‎Ripoarisch • ‎Lëtzebuergesch • ‎മലയാളം • ‎मराठी • ‎Bahasa Melayu • ‎Nederlands • ‎polski • ‎پښتو • ‎русский • ‎Türkçe • ‎татарча/tatarça • ‎татарча • ‎українська • ‎中文 • ‎中文(简体)‎

The following is a list of user groups in the Wikimedia Foundation projects. It is organized in approximate descending order of permissions. Note that the order is not directly correlated to power in the proper sense of the word, but rather refers to technical access in the MediaWiki software. Be aware that, though the technical abilities are the same on all Foundation projects, certain groups' definitions and roles differ from wiki to wiki.

Local groups[edit]

Here's a list of user groups, from the highest access level to the lowest.

Global user groups[edit]

See also Global permissions and Global groups.

Global bot[edit]

Global bots have bot access on all wikis where global bots are enabled (this must be explicitly permitted by local policy; see a list of allowing wikis). Global bots are subject to the standard bot policy, which limits these bots to specific tasks.

See:

Global rollback[edit]

Users with global rollback can revert a series of edits by one user with one click on any wiki, primarily intended for vandalism and nonsense. Users must be demonstrably active in crosswiki counter-vandalism for access.

See:

Global sysop[edit]

Global sysops are users with sysop access on multiple small wikis, mainly for the purpose of fighting vandalism in the absence of local administrators. They are appointed after a lengthy discussion on SRGP.

See:

Staff[edit]

The Staff group is assigned to some paid employees of the Wikimedia Foundation. This group has special access primarily for technical or legal purposes.

Background[edit]

The Wikimedia Foundation is constantly evaluating who is a member of the staff user group in order to minimize the proliferation of this very specialized tool. Membership of the staff group is constantly re-evaluated, particularly in light of a more limited tool being available that will fit a staff member's needs, if someone is expected to not need staff rights for a period of time, or if there is something that triggers during a risk assessment. These re-evaluations are part of good security practices.

Previously, who did and did not have staff rights was relatively arbitrary, based upon asking the staff member who was in charge of these rights. The process has been subsequently formalized to protect against abuse or misuse of staff rights. In order to receive staff rights, it requires second level sign-off (meaning that for a new employee in a department, director level signoff is required and for a new manager, C-level signoff is required), a formal written use-case that is kept on file and routinely reviewed to determine whether the use-case is still met by assignment of staff rights, a brief training session explaining their appropriate and inappropriate use, and an acknowledgement (in writing) of the rights and responsibilities that come with staff rights.

Previously, there were few protections against abuse. Today, there are a number of checks and balances built into the system. On the English Wikipedia, for instance, the Audit Subcommittee reviews all logged actions and discusses questionable actions with Philippe (as the WMF employee responsible for rights assignment) to ensure they are within policy. On other wikis where there is no comparable subcommittee, the Legal and Community Advocacy team audits and reviews employee actions. This has resulted in employee disciplinary action on occasion. These are not toothless protections.

Assignment[edit]

Staff rights are managed by the Director of Community Advocacy and the second-level Wikimedia Foundation manager of the person requesting staff rights.

Wikimedia stewards and staff will add or remove permissions (former link) from the staff global user group and they also add or remove user accounts from the staff global user group based on the requests of the Director of Community Advocacy or his designee. There is no requirement that community consensus be demonstrated or that the above requirements (including sign-offs) are proved.

Rationale and responsibility of advanced permissions assignment for Wikimedia Foundation staff are currently recorded in a locked Google spreadsheet. A mirror of that page can be found at WMF Advanced Permissions.

Permissions[edit]

The following chart lists the user rights available in the staff user group and an explanation of why these rights are necessary for staff to have.

User right Purpose
autoconfirmed ...
autopatrol ...
bigdelete At times, the LCA or technical team need the ability to delete pages with a high number of revisions for technical reasons, or for legal compliance reasons.
browsearchive ...
centralauth-admin ...
centralauth-lock ...
centralauth-merge ...
centralauth-oversight ...
centralauth-unmerge ...
centralnotice-admin ...
centralnotice-translate ...
checkuser The LCA team uses this right for legal compliance (subpoena, etc.) and safety reasons (investigations of threats)
checkuser-log The LCA team uses this right for legal compliance (subpoena, etc.) and safety reasons (investigations of threats)
delete The LCA team uses this right for legal compliance and copyright purposes.
deletedhistory The LCA team uses this right for legal compliance and copyright purposes.
deletedtext The LCA team uses this right for legal compliance and copyright purposes.
deletelogentry The LCA team uses this right for legal compliance purposes.
deleterevision The LCA team uses this right for legal compliance and copyright purposes.
edit ...
editinterface The LCA team uses this right for legal compliance and copyright purposes (i.e., to change the copyright notices, etc.). Other staff members use it to support the development of other projects and technical initiatives.
editusercss This was done for a couple of reasons. First, we have had times when we saw a user insert some code in their own user.js and user.css files that really shouldn't be there, and then propagate that code out to the wikis by adding a transclusion from their own user files to, for instance, Mediawiki:Common.js of a smaller wiki, and thereby add google tracking code, for instance. This allows staff to easily (and in a logged fashion) remove such code. Second, in order to include a script for those users who hold staff rights which colors red the interface buttons for things that they really shouldn't touch without a REALLY good reason (i.e., the execute checkuser button). You can see that script in my own userjs file. This is a reminder for new staff who didn't come from the community that these are specialized rights, and not everyone has access to them, and serves as a mental "speedbump" against using them.
editusercssjs This was done for a couple of reasons. First, we have had times when we saw a user insert some code in their own user.js and user.css files that really shouldn't be there, and then propagate that code out to the wikis by adding a transclusion from their own user files to, for instance, Mediawiki:Common.js of a smaller wiki, and thereby add google tracking code, for instance. This allows staff to easily (and in a logged fashion) remove such code. Second, in order to include a script for those users who hold staff rights which colors red the interface buttons for things that they really shouldn't touch without a REALLY good reason (i.e., the execute checkuser button). You can see that script in my own userjs file. This is a reminder for new staff who didn't come from the community that these are specialized rights, and not everyone has access to them, and serves as a mental "speedbump" against using them.
edituserjs This was done for a couple of reasons. First, we have had times when we saw a user insert some code in their own user.js and user.css files that really shouldn't be there, and then propagate that code out to the wikis by adding a transclusion from their own user files to, for instance, Mediawiki:Common.js of a smaller wiki, and thereby add google tracking code, for instance. This allows staff to easily (and in a logged fashion) remove such code. Second, in order to include a script for those users who hold staff rights which colors red the interface buttons for things that they really shouldn't touch without a REALLY good reason (i.e., the execute checkuser button). You can see that script in my own userjs file. This is a reminder for new staff who didn't come from the community that these are specialized rights, and not everyone has access to them, and serves as a mental "speedbump" against using them.
globalblock ...
globalblock-exempt ...
globalblock-whitelist ...
globalunblock ...
hiderevision ...
hideuser ...
import ...
importupload ...
ipblock-exempt ...
moodbar-admin ...
move ...
move-rootuserpages ...
move-subpages ...
movefile ...
noratelimit ...
nuke ...
override-antispoof ...
oversight ...
prefstats ...
protect ...
purge ...
reupload ...
reupload-shared ...
superprotect ...
suppressionlog ...
suppressredirect ...
suppressrevision ...
tboverride ...
tboverride-account ...
transcode-reset ...
transcode-status ...
uboverride ...
unblockself ...
undelete ...
unwatchedpages ...
upload ...
upload_by_url ...
userrights ...

See:

Steward[edit]

Stewards have complete access to the wiki interface, and perform technical implementation of community consensus, deal with emergencies, and intervene against crosswiki vandalism. Stewards are elected annually with participation from all wikis.

See:

Special-purpose[edit]

Notes[edit]

  • Tool Labs, Available user rights which do not exist on every wiki (affected wiki is indicated).

See also[edit]


User groups
Local: blocked user – unregistered user – newly-registered user – registered user – autochecked users – autopatroller – bot – administrator – bureaucrat – oversight – checkuser – IP block exempt – importer – translation admin – centralnotice admin – uploader – massmessage sender
Global: locked account – unified account – bot – rollbacker – renamer – abuse filter editor – interface editor – IP block exemption – new wikis importer – sysop – ombudsman – founder – staff – WMF researcher – system administrator – steward