If possible, can someone make some code modification to send an email alert (to myself), when someone in a certain global group (yet to be made, but the name is likely to be 'trustandsafety') does any action (might refine to certain actions later on) that generates a log to be created?
Description
Related Objects
- Mentioned In
- R9:ce4ac0726e98: Update config for 1.36 (#3824)
R9:fbacf39fcfb1: Merge 'master' into REL1_36 (#3845)
R9:431f8f07682d: Update REL1_36 from master (#3891)
R9:39cf010e2e06: email notifications on privileged actions configuration T7197 (#3869)
R9:c26fbaf42b5e: email notifications on privileged actions configuration T7197
Event Timeline
There's a logLine hook but that's not triggered on everything. If there's a hook, then yes we probably can.
Before May 1st, as this should be in place before Trust and Safety takes over from SRE.
I think John has found a way so I can help work on implementing that.
Could you give us what you'd expect the email to say? Like the level of detail.
Is a link to the log entry okay or would you prefer more?
Should have included that information originally - sorry. Email doesn't need to be detailed or anything just the following information:
- the wiki
- the user
- what log action it is
- any comments/additional information (whatever is included in the 'reason' field if possible)
Any update on this, this is currently blocking the pre-planned SRE handover to T&S that was due to take place yesterday.
What we've worked out. Restricted logs won't work. This is mainly OS/CU but assuming they don't keep sensitive rights constantly and only assign when needed you'd get an email for rights change.
We can't be sure what else is 'restricted' though yet.
John identified that with the current setup it's possible for a user to remove the permission (watched-user) which allows the emails to be sent, therefore they would be able to act maliciously and do unauthorised things on wikis and the emails will no longer be sent to Owen. This has to be fixed before we can proceed.