feat(perms): log all permissions and access #41
Pull Request Overview
This PR creates a comprehensive permissions documentation file that maps access levels for repositories, external services, and access tokens across different Node.js web teams and roles.
- Introduces a structured permissions matrix documenting access levels for 9 repositories across 5 different team roles
- Documents external service permissions for 7 services including Cloudflare, Vercel, and Sentry
- Creates an access tokens section tracking service account credentials and their permissions
I added everything I am aware of; however, there may be inaccuracies.
Missing piece:
- npm publish OIDC (I think it's owned by the TSC)
- maybe not in this doc, but it's "related": list which npm packages we publish.
@@ -0,0 +1,52 @@ | |||
# Permissions | |||
|
We should add small paragraphs that say "here are all the things related to the website part and who has access to it"
Btw, thanks Aviv for tackling it 🫶🏻
| **[Figma Design File][]** | Read | - | Write | - | - | Access to this service is controlled by the OpenJS Foundation and @avivkeller. | | ||
| **[Sentry][]** | - | - | - | Admin | Admin | | | ||
| **[Vercel][]** | - | - | - | Admin | Admin | | | ||
|
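Review bot: The Notes cell on the `Figma Design File` row names an individual (@avivkeller) as an access controller alongside the OpenJS Foundation, which goes stale as soon as that person's role changes. Suggest naming a team or role there instead, and using the empty Notes cells on the `Sentry` and `Vercel` rows to record who grants Admin on those services.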
@ovflowd what would the permissions be for hackmd?
Right now @bmuenzenmeyer and I are admins, but technically speaking, as it is owned by the Foundation, I'm not sure how administration should be laid out. Probably only to the Foundation Staff/IT?
cc @bensternthal if you have any ideas how this should be laid out.
PERMISSIONS.md
Outdated
| **[Sentry][]** | - | - | - | Admin | Admin | | | ||
| **[Vercel][]** | - | - | - | Admin | Admin | | | ||
|
||
## Access Tokens |
Aren't there more tokens out there?
PERMISSIONS.md
Outdated
|
||
## External Services | ||
|
||
| Service | Everyone | @nodejs/web | @nodejs/nodejs-website | @nodejs/web-infra | @nodejs/web-admins | Notes | |
Crowdin is missing here. Access is done through a shared account.
I thought crowdin wasn't a shared account for infra, and they used their own logins?
| Service | Everyone | @nodejs/web | @nodejs/nodejs-website | @nodejs/web-infra | @nodejs/web-admins | Notes | | ||
| ---------------------------- | ---------------------------------- | ----------- | ---------------------- | ----------------- | ------------------ | ---------------------------------------------------------------------------------------------------------------------------- | | ||
| **[1Password][]** | - | - | - | Admin | Admin | | | ||
| **[Atlassian Statuspage][]** | [Read](https://status.nodejs.org/) | - | - | Admin | Admin | |
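Review bot: The access-level cells in these rows use `Read` and `Admin` with no definition in the visible lines, and the `1Password` row lists both @nodejs/web-infra and @nodejs/web-admins as Admin with an empty Notes cell. Suggest adding a short legend above the table stating what Read, Write and Admin mean, and using Notes on the `1Password` row to say whether Admin is account-wide or limited in scope, since the two teams are otherwise indistinguishable here.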
| **[Atlassian Statuspage][]** | [Read](https://status.nodejs.org/) | - | - | Admin | Admin | | |
| **[Atlassian Statuspage][]** | [Read](https://status.nodejs.org/) | - | - | App Admin | Org Admin | |
|
||
| Secret Name | Display Name | Platform(s) / Location(s) | Associated Project(s) | Access Level | Expiry | Notes | | ||
| -------------------------- | ----------------------- | ---------------------------------------------------------------------- | ----------------------------------------- | ------------ | ------ | ------------------------------------------- | | ||
| `CF_API_TOKEN` | N/A | [nodejs/discord-status-worker][], [nodejs/release-cloudflare-worker][] | [Cloudflare][] | Write | - | Used for deploying to Cloudflare Wrangler | |
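Review bot: The `Expiry` cell for `CF_API_TOKEN` is `-` even though the row lists `Write` access and two storage locations (nodejs/discord-status-worker and nodejs/release-cloudflare-worker), so a reader cannot tell an unrecorded expiry from a token that never expires. Suggest recording the actual expiry date or writing "none" explicitly, and adding to Notes who owns rotation of the token.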
| `CF_API_TOKEN` | N/A | [nodejs/discord-status-worker][], [nodejs/release-cloudflare-worker][] | [Cloudflare][] | Write | - | Used for deploying to Cloudflare Wrangler | | |
| `CF_API_TOKEN` | N/A | [nodejs/discord-status-worker][], [nodejs/release-cloudflare-worker][] | [Cloudflare][] | Write | - | Used for deploying to Cloudflare Workers | |
[@openjs-vercel]: https://github.com/openjs-vercel | ||
[Atlassian Statuspage]: https://manage.statuspage.io/pages/rxy2rhgm8q1n/incidents | ||
[Chromatic]: https://www.chromatic.com/builds?appId=64c7d71358830e9105808652 | ||
[Cloudflare]: https://www.cloudflare.com/ |
[Cloudflare]: https://www.cloudflare.com/ | |
[Cloudflare]: https://dash.cloudflare.com/07be8d2fbc940503ca1be344714cb0d1 |
Fixes #4
Fixes #21
cc @nodejs/web @nodejs/security-wg - Feel free to modify this file with additional permissions and/or changes