infra-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Ruggeri (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (INFRA-18247) Please give clr access to delegated security@gsuite.cloud.apache.org
Date Sat, 20 Apr 2019 15:15:00 GMT

    [ https://issues.apache.org/jira/browse/INFRA-18247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16822479#comment-16822479
] 

Daniel Ruggeri commented on INFRA-18247:
----------------------------------------

Unfortunately it looks like ownership and day2 procedures haven't quite been defined. Until
Infra is comfortable, I agree, it falls on Fundraising... but that's not an admission that
Fundraising is the right place :-)

I have looked into how to do this. A gsuite admin must enable mail delegation first, which
I have confirmed is done:
https://support.google.com/a/answer/7223765?hl=en

However, an admin cannot grant delegated access to an account from what I can tell.

In order to grant delegated access to the account, the owner of the account must follow these
procedures:
https://support.google.com/mail/answer/138350?hl=en
 - On your computer, open Gmail. You can't add delegates from the Gmail app.
 - In the top right, click Settings Settings.
 - Click Settings.
 - Click the Accounts and Import or Accounts tab.
 - In the "Grant access to your account" section, click Add another account. Note: If you’re
using Gmail through your work or school, your organization may restrict email delegation.

 - Enter the email address of the person you want to add. (Note: The account you're delegating
must have "Require user to change password at next sign-in" disabled.)
 - Click Next Step and then Send email to grant access.

So, my inquiry is this: Who is the owner/password holder of the security@gsuite.cloud.apache.org
account to do this? It is my understanding they are the only person who can execute the procedure.
If we cannot identify who it is, I can reset the user's password and we can proceed directly.
I would prefer for Infra to vault such a credential because it's an important foundation-level
cred.

Tagging [~kmcgrail], [~gstein] and [~markt] who are also listed as superadmins to see if perhaps
they know who holds the credential for the account.

> Please give clr access to delegated security@gsuite.cloud.apache.org
> --------------------------------------------------------------------
>
>                 Key: INFRA-18247
>                 URL: https://issues.apache.org/jira/browse/INFRA-18247
>             Project: Infrastructure
>          Issue Type: Task
>          Components: Other/Misc
>            Reporter: Craig L Russell
>            Priority: Major
>
> As a new member of the security team, I need to have access to the delegated account
security@gsuite.cloud.apache.org linked to my clr@gsuite... login.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message