Google Analytics

[AndrewTindall]

Well I have access to:
File-Browser (basically only images to the blog, .txt from vote results, etc.)
Send E-mail
Blog Categories (can only edit/view, not add)
Blog Posts (full access)
Pages (add/change - seemingly only partial access, can't change much on the main page for example. can't add to navigation bar, etc.)
Pages Global Permissions
Mailer Don't Send Entries
Mailer Message Logs (this allows me to see e-mail address - but nothing else - of every member. Basically just confirms that e-mails were sent)
Mailer Messages
Snippets
ppuk.it

so basically stuff related to members communications. :p

[azrael]

I have access to:
File-Browser (basically only images to the blog, .txt from vote results, etc.)
Events (add stuff to the events page)
Regions (edit the basic info and links for each Region)
Students: Universities (add/edit the Universities list from the /students page)
Students: University societies (add/edit the Uni societies list from the /students page)

[Gavman]

So can anyone tell us who has access to what then? (I appreciate azrael and AndrewTindall who have stated what they have access to)

Can we confirm that only one person has access to the PPUK server? If this is true are there plans to change this? If not please let us know why not

[Gavman]

Anyone care to respond?

I have also now e-mailed the NEC and Board as no one seems to want to provide an answer (But I accept that this thread may have been overlooked so hence the e-mails which hopefully will be responded to)

[azrael]

Hi Gavman,

I can't confirm that only one person has access to the PPUK server - 'cause I don't know myself. I too would appreciate an answer and I hope your email to NEC/Board reaches someone who has one.

[Gavman]

Well [un]surprisingly, still waiting for a response on this matter.

I guess wanting greater transparency doesn't apply to this Party then?

It's like officials purposefully want to drive away( or at least simply ignore) anyone that dares raise concerns

But guess what? I believe too much in what the Party stands for to just walk away.

[AndrewTindall]

the answer is we are still not aware of exactly who has what access. with other things, such as the stuff legally required by the EC, and preparing for the scottish election, handling this seems to be on the backburner.

[Gavman]

Hi Andrew,

Before I go on, I want to state that I appreciate you replying to me and letting me know what is going on, I really do. And overall I am happy with the people we have running the Party

My problem is that if what you say is true, why has no-one on the NEC replied to my e-mail with any of this information?

I want to make it clear, I'm not out to stir up trouble, all I want is a transparent and accountable organisation and I believe that is what we all want, I know that all officials are volunteers but I really do not believe that is an excuse not to even drop me an e-mail to at least acknowledge that the points I raised are to being considered even if they have been given a low priority.

[mace]

Hi Gavman et al,

My apologies for not sending you an email regarding this, as AndrewT has noted, other issues have (and continue to be) higher priority right now.

However, your request is entirely sensible, justified and indeed just plain useful, so I'm going to ask that any interested parties begin a constructive discussion on the following topics:

• Where should we collect a definitive list of who has access to what?
• What level of detail should be included in such a list (or lists) - do we go as far as documenting specific access/login details?
• Is (some of) this information potentially sensitive enough that we don't want to publish it in a publically accessible manner?
• Who should be allowed access to some or all of this data?
• How can we best collect all of the data in a timely manner, taking into account the voluntary nature of the party?
• How do we ensure this data is kept up to date?

Feel free to add more topics if you think they are pertinent.

For the record, this exercise is intended to get more people involved and spread the burden so to speak so that we can come up with a satisfactory result for everyone in the shortest time we can.

Also for the record, I've had this thread open in a browser tab permanently since the first comments, little consolation I know as far as getting it sorted, but perhaps serves as an indication that it is definitely still on my radar.

Thanks.

[azrael]

One good approach might be for a member who wants to go ahead with this emailing every elected person and asking them what they have access too. Also might be good for them to PM everyone on the memberlist.php?mode=leaders list with the same question.

They could collate the different sorts of access and then maybe contact all the same people again with the 'list' of different things that someone could have access too, pre-filled with what that person answered the first time, just to check if thre is anything on the complete list the person might have access too but forgotten first time around.

As to what gets published, I'm happy for everyone knowing what I can and can't do. I can't see why any of my privileges should be secret/private (but happy to hear good arguments of the opposite view). If the final list is published, it could be also in the form of 'If you want to get X done, you can contact' which might make it easier for members to find the right person to talk to about things.

[tempest3k]

Sounds like the party needs an IT manager o.O

[Gavman]

Well i didnt mean just take account of what assets & who has access/control of those assets that we have online, I meant overall although i concede that most if not all our assets are online/digital.

If a member were to take the time to e-mail all the officals that could, what guarantee would they have that all officials would bother responding? Or that all officals would know everything that they have access to?

This approach would not help identify non-officials that have access to offical stuff. (<- I know for a fact that this situation exists).

For the record i also agree that there will be information that should not necessarily be in the opublic domain but that doesnt change the fact that someone needes to manage this data.

Anyway, thank you for letting us know the state of play Mace, it is honestly appreciated.

[scuzzmonkey]

Sounds like the party needs an IT manager o.O

this - for a party full of nerds not having even a paper list of who has what access to some pretty sensitive information is ridiculous.

Miah, I honestly would expect you know _exactly_ who has access to every part of the site, the bank accounts, and party resources et al., from non-members upwards, and especially the closer you get to the top.

Does this info need to be publicly accessible? I don't care.
Should it at least exist for internal referencing? Hell yes.

We don't need to sit around and discuss this, just for general piece of mind I'd expect you to be all over something like this like a rash - or maybe you're just not as paranoid as me - lol.

[mace]

Sounds like the party needs an IT manager o.O

this - for a party full of nerds not having even a paper list of who has what access to some pretty sensitive information is ridiculous.

Miah, I honestly would expect you know _exactly_ who has access to every part of the site, the bank accounts, and party resources et al., from non-members upwards, and especially the closer you get to the top.

Does this info need to be publicly accessible? I don't care.
Should it at least exist for internal referencing? Hell yes.

We don't need to sit around and discuss this, just for general piece of mind I'd expect you to be all over something like this like a rash - or maybe you're just not as paranoid as me - lol.

Thanks for your reply Scuzzmonkey.

You are correct regarding some of the information - I hold information on the bank accounts, paypal, google mail, domains and the virtual server. The site database tracks various information on members and what access they have. However there are plenty of other resources out there which are not centrally managed, for example, twitter or facebook accounts (both "official" party ones and semi-personal PPUK branded ones), candidates own campaigning websites, blogs, etc which may be operated in the interest of the party.

So, the question remains, how do we find out about all these non-centrally managed resources and centrally manage them.

[AndrewTindall]

well twitter I can tell you that at the very least me, monkeyjam, and andy_r have had the password. the password has not changed since any of us received it. I do not know if either of them still have the password. I am currently the only person who operates the account.


edit: the password has now been changed. Only myself and mace have access.

[Infomage]

So, the question remains, how do we find out about all these non-centrally managed resources and centrally manage them.

Become Big Brother. Show everyone how paranoid we have become, sieze control of all methods of communication and implement strict censorship laws with draconian punishments for all infringers and suspected infringers of those laws. </sarcasm>

On a more serious note, anything that is genuinely "Official PPUK Output" should be managed centrally. Any individuals or groups should be entitled to do what they want, as long as it doesn't bring the Party into disrepute.

Any output that does risk bringing us into disrepute should be handled appropriately at the time.

[borgs8472]

Sounds like the party needs an IT manager o.O

Yo

[borgs8472]

While I don't object to the access levels that some people have (indeed it's massively useful) I'm not clear on the rationale of why certain people have the access they do and why others do not.

It would be useful to have a list of all of those with special access, and what that access allows them to do, and why they need that access. (I'd be worried if there was no such record or no means by which to obtain such a list)

Parallel to that it would be good to have a list of criteria for how to obtain specific types of access by which to assess the existing list of people, and more importantly any new requests for access. (We can then see who has legacy access and may no longer need it, as well as help get new people navigate their way to getting access)

Finally it would then be a good idea for all that info to be put on the wiki and kept updated by one of those people with special access so that any time a request for something comes up, they can be directed to the list of those that can do it, or what hoops they themselves need to jump through to get the required access.

I kept that list in the webteam forum

[Duke]

Bumping to see if there has been any progress with this... getting increasingly uncomfortable with us being wide open to both legal attack and public humiliation.

[tuoni]

I would suggest this should be one of the first jobs of the new Web Team, when it's good to go.