Permissions
This page lists the permissions committee members need for the different systems. These permissions should be managed by the current BathCS admins or the previous committee.
Be responsible
With great power comes great responsibility
Therefore we ask the people in power to not deviate from this set of rules and be responsible. This means no showing off and no abusing the power to access information you shouldn’t have, even if you really really want to impress friends. I DON’T CARE and action will be taken to remove your power.
Furthermore, if a committee member is showing signs of a lack of security knowledge or is a potential security issue, please talk to your fellow committee members and potentially limit or outright remove their access.
VaultTub
It has been decided, for security, that BathCS admins will not have default access to all organisations.
This means that the previous committee has to manage the handover completely for each organisation.
BathCS admins will be there to help and oversee the process, and will send out emails explaining what is expected of the previous and incoming committees.
Process:
- BathCS admins invite all new committee members to create accounts through the admin interface.
  - As this email usually ends up in spam, it is recommended that a second email is sent along with the one from VaultTub, directing them to the VaultTub page.
  - People may still need chasing up via email or in person, as these are students we are talking about.
- The previous organisation owner (e.g. the secretary) should add the new committee members to the relevant organisation with the following roles:
  For committees, we recommend that the first two members with the highest roles (in the order of the list below) should be owners, the next member the admin, and the remaining members users.
  - Chair(s)
  - Secretary
  - Treasurer
  - Everyone else
  So for example, with BCSS, the Chair and Secretary would be owners and the Treasurer would be the admin.
  For other initiatives, please assign people to the following roles:
  - Delegate two owners (required)
  - Delegate one admin (optional)
  - Assign everyone else as user (optional)
  Please also make sure people only have access to the collections they should. Note that admins can change these permissions.
  Prefer “can view” over “can edit”. Remember that this does not stop them from changing the password on the account itself, only from editing the information on VaultTub.
  If they need the permission, they can always ask for it and be granted it if their claim is valid.
  Once they have accepted the invite, you will need to confirm their account in the interface.
- The new secretary, once the year is over, should remove all accounts from the previous committee.
- All passwords stored should be rotated to make sure that if the previous committee wrote the password down somewhere, it is no longer valid.
GitLab Organisation
The GitLab organisation permissions will be fully managed by BathCS admins. This means they will invite new committee members and remove old ones.
All committee members will have the “Developer” level set in the relevant subgroup. If higher permissions are needed, the admins can be asked to assign them. There will need to be a few subgroup-wide “Maintainer”s. However, as there is no specific role for this and it can change from committee to committee, it will have to be requested.
No-one will be given “Owner” permissions unless there is a good reason, or it is for a single project created by that one person.
Committee members will also be given “Developer” on the Wiki project. For other projects, a request must be made to the admins.