Wikipedia talk:Interface administrators
Latest comment: 1 day ago by BRPever in topic Non-admins requesting interface admin rights
Non-admins requesting interface admin rights
changeHi all, this policy currently has no mention on whether non-admins can request this right. My personal opinion is that it is an admin-level right that has been detached from admin, not to allow non-admin users to use it like rollbacker and patroller have been, but instead to prevent all admins from having access to it due to security risks. I see two options forward here:
- Option Y: Specify in our policy that only admins can request the interface-admin right by adding the following line:
Only existing administrators can request the interface administrator right.
- Option Z: Specify in our policy that any trusted user can request the interface-admin right by adding the following line:
Any user can request the interface administrator right, as long as they are trusted, have 2FA enabled and have a specified task.
- I feel both options should also allow for an extra addition regarding abuse, due to the high-risk nature of these rights (like what is done in WP:FLOOD):
Those who abuse interface admin rights may be sanctioned, through removal of rights or blocks.
What are our thoughts? --Ferien (talk) 12:12, 31 October 2024 (UTC)
I support Option Z. I trust crats to be able to handle such requests much like how we trust them with bots and such.--BRP ever 12:16, 31 October 2024 (UTC)- Support for option Z, which is very well formulated and clear. Thank you, Ferien, for raising this issue. Have a nice day! BZPN (talk) 12:22, 31 October 2024 (UTC)
- I forgot one more thing: there should be a mention of where to ask for these permissions - I think it's AN since there is no dedicated part on WP:RfP (but I'm not sure). Thank you. BZPN (talk) 12:25, 31 October 2024 (UTC)
- Yeah, since it's task specific it can be brought to AN. If these requests become too frequent a section can be created in RfP later I guess. BRP ever 12:27, 31 October 2024 (UTC)
- I've just updated that so it says AN, as the requests are quite rare and this reflects current practice. --Ferien (talk) 12:27, 31 October 2024 (UTC)
- Thank you! BZPN (talk) 12:28, 31 October 2024 (UTC)
- I forgot one more thing: there should be a mention of where to ask for these permissions - I think it's AN since there is no dedicated part on WP:RfP (but I'm not sure). Thank you. BZPN (talk) 12:25, 31 October 2024 (UTC)
- Support Option Y with a modification to include mandatory 2FA. This is mandated by the WMF. This is a sensitive user right, almost close to the levels that I'd say require signing the NDA. If you can be trusted with the mop, then you should be able to handle this.— *Fehufangą ♮ ✉ Talk page 13:44, 31 October 2024 (UTC)
- @Fehufanga I can't see how Non disclosure agreement would work in this situation. I think this is purely technical right. I see the danger, but also see that our current admin team will find it hard to maintain all the tools, maybe we should consider a way for those trusted with technical knowledge to be able to edit .js, .css ad json pages. Maybe just by limiting it to extreme situation or could also be through community consensus. BRP ever 14:23, 3 November 2024 (UTC)
- @BRPever I did not say that you need to sign the NDA to be an IA, I'm saying that the danger and sensitivity of this user right is nearly identical to the user rights that require signing the NDA. There are many ways to do this using JS but beans, beans, beans. — *Fehufangą ♮ ✉ Talk page 14:28, 3 November 2024 (UTC)
- @Fehufanga I can't see how Non disclosure agreement would work in this situation. I think this is purely technical right. I see the danger, but also see that our current admin team will find it hard to maintain all the tools, maybe we should consider a way for those trusted with technical knowledge to be able to edit .js, .css ad json pages. Maybe just by limiting it to extreme situation or could also be through community consensus. BRP ever 14:23, 3 November 2024 (UTC)
- Support for Option Y. Giving it to anyone could potentially unleash hell. It's a delicate right to possess - I hold it myself as an admin on Vikidia. One mistake can mess up an entire page, and it would be better to restrict it to existing administrators only. It's almost like saying "anyone can edit the front page". Altering the interface and how it responds is not something non-admins should have access to. DaneGeld (talk) 18:13, 31 October 2024 (UTC)
- @DaneGeld, these are very shallow conclusions. These permissions are granted by bureaucrats who should assess the situation well before granting a user permission. It is probably obvious that an untrusted user will not receive these permissions. In addition, these permissions are only granted temporarily to fulfill a specific purpose, which also minimizes the risk of causing damage in other spaces. BZPN (talk) 18:20, 31 October 2024 (UTC)
- @User:BZPN - I am aware that this permission is granted by bureaucrats - but if it's only going to be temporary for a specific purpose, what's the point of giving it to any "trusted" user, when the admins are already trusted? Option Y stays on the table for me. Giving it to lots of people, when only a select few need it at all, is just going to cause a headache. DaneGeld (talk) 18:27, 31 October 2024 (UTC)
- Support Option Y per Fehufanga's reasoning.- FusionSub (Talk page) (Contributions) 14:17, 3 November 2024 (UTC)
- @DaneGeld, these are very shallow conclusions. These permissions are granted by bureaucrats who should assess the situation well before granting a user permission. It is probably obvious that an untrusted user will not receive these permissions. In addition, these permissions are only granted temporarily to fulfill a specific purpose, which also minimizes the risk of causing damage in other spaces. BZPN (talk) 18:20, 31 October 2024 (UTC)
- Support for option Z, which is very well formulated and clear. Thank you, Ferien, for raising this issue. Have a nice day! BZPN (talk) 12:22, 31 October 2024 (UTC)
- Support Option Y with condition of mandatory 2FA, and for non-admins following the process similar to WP:RFA. Sort of like how they do in metawiki. I feel like we are going to need hand with maintenance and keeping that window open is a good idea.--BRP ever 14:55, 3 November 2024 (UTC)