Tech:Appointment and revocation policy

This policy concerns the procedure for appointing a new system administrator. Tech:Access policy details how a prospective system administrator requests access. Quoted from that page: "Granting shell access (aka access to a server, or multiple servers) to someone needs to be done with extreme caution. With more people having shell access to (critical) servers, the chances of suffering from human mistakes and compromised shell accounts do increase".

Appointment
Once an access request is made, any system administrator should feel free to ask the prospective sysadmin relevant questions: whether they are about hypothetical situations they may encounter, what tasks they plan on focusing on, what the role means for them, etc.

While not necessary, it is encouraged that all sysadmins take part in the discussion and comment. Once an access request has elapsed an appropriate period of time (a few days to a week), the Engineering Managers will discuss the request together and make a joint decision taking into account all comments received, relevant experience and community engagement. Depending on the request, either the Engineering Manager for MediaWiki (sysadmin global group, mw-admin access level) or the Engineering Manager for Infrastructure will close the Phabricator task with the decision. The Director of Site Reliability Engineering will retain the right to overrule the Engineering Managers' decision in exceptional circumstances.

Re-appointment after inactivity
See Tech:Inactivity policy

Removal
In the unfortunate circumstance that a sysadmin falls under the standards of a system administrator, violates policies deliberately, acts inappropriately, etc. the removal procedure may be initiated. It is to be noted that removal is the last resort, and that before considering removal, attempts to rectify the situation by communicating with the user in question should be made.

If a sysadmin believes that one of their colleagues falls under the aforementioned, they may contact their Engineering Manager and explain their situation and their thoughts on the matter. If the Engineering Manager in question disagrees and declines to forward the request to the DSRE for consideration, the system administrator may directly contact the Director of Site Reliability Engineering (DSRE) themselves, but this should only be in exceptional circumstances and should be avoided.

The Engineering Manager for the relevant team may propose that a system administrator is removed to the SRE Management Team either after having received a report from a team member or of their own accord. The Director of Site Reliability Engineering (DSRE) as well as the two Engineering Managers will weigh the arguments and may consult the whole Site Reliability Engineering team on whether they believe the user in question should be removed.

For inactivity
See Tech:Inactivity policy

Suspension
In exceptional circumstances, where waiting for the removal process to take place is not practical or possible, a user may be temporarily suspended and have their all access removed by the Director of Site Reliability Engineering (DSRE) or one of the Engineering Managers (EMs). This would be followed by the regular removal procedure, and access would be added back if it is ultimately decided against removal.

In ultimate emergencies, such as compromised accounts, any member with the relevant permissions may temporarily remove another sysadmin from the compromised account in question.