Clean up dev permissions and create offboarding document

bcgov / Sustainment-Team

Use of this repository is for tracking Sustainment Team Issues. It is used to account for the Sustainment Team's work that is not attached to a specific digital service.

0 stars 0 forks source link

Clean up dev permissions and create offboarding document #13

Closed LocalNewsTV closed 2 weeks ago

LocalNewsTV commented 2 months ago

Describe the task Clean up access permissions for Devs that have left sustainment

Purpose With the devs having left Sustainment, they no longer require access to repos/applications. Under Principle of Least Privelege These devs should no longer have access to things no longer applicable to their position.

additionally, this

Acceptance Criteria

[x] OpenShift Access
[x] SSO Access
[x] GitHub Teams Access
[ ] MS Teams access? (as there is not sensitive information here, individual users can unsubscribe themselves as desired)
[x] Offboarding document to ensure devs leaving have permissions reduced appropriately
[x] offboarding docs include what to do for senior devs vs junior dves

Additional context

Add any other context about the task here.
Or here
7068-ad is shared with namespace with the range team

fergmac commented 1 month ago

Offboarding document additions:

openshift registry app team lead status: https://registry.developer.gov.bc.ca/private-cloud/products/all
sonarcloud (static analysis)
- https://sonarcloud.io/project/configuration?id=bcgov-gwells_backend
- https://sonarcloud.io/project/configuration?id=bcgov-gwells_backend
openshift namespace access (can just update the namespace of this URL for each project): https://console.apps.silver.devops.gov.bc.ca/project-details/ns/26e83e-dev/access

acatchpole commented 2 weeks ago

Gone through all (known) former Sustainment Team members and removed SSO (keycloak) access to all Sustainment Team projects and related Keycloak teams.

acatchpole commented 2 weeks ago

Gone through Openshift and removed admin users for everyone who is not current Sustainment Team, an external currently working in that repo, or a Service Owner for that project.

Also had the Project Registry updated to remove old secondary technical leads.

acatchpole commented 2 weeks ago

Gone through the github repos and updated access as same as openshift. A few unknown names were left as contributors but had access lowered to "Read". All current Sustainment members also had their individual users access removed. Most access should now be done through the Sustainment-Team and Sustainment-Team-Admin groups.