User:Chris Key/Sandbox/Proposal: Overhaul of user rights

Background
''Problem statement as summarised by Dan Nessett. Although Dan summarised my points, it should be noted that he does not support this change. (to rewrite):''
 * The MW software is fully flexible and capable of supporting any group/rights architecture suitable for CZ.
 * The existing access rights architecture does not quite fit the roles and responsibilities associated with various CZ governance positions. For example, Constables need to perform certain operations on the wiki, some of which require Sysop privileges, some of which do not. Some rights granted to Constables by virtue of their position as Sysops on the wiki are not useful to them in the pursuit of their Constable role. Creating an architecture that more closely follows the governance structure increases the transparency of access rights management and use at CZ. Furthermore, it is useful to implement fine granularity access control structures that give users only the rights they need and no more. This improves the overall security posture of CZ.
 * When CZers without extra permissions observe terms like "Bureaucrat", "Sysop" and "Constable", they may become confused and think, for example, that the Sysop role is identified with the Constable role. They become frustrated when they contact a Sysop, asking them to perform a Constable function and are told that a Sysop does not have the organizational right to perform this function (even if they can technically perform it). Furthermore, arcane names like Bureaucrat or Dark Knight, due to their unfamiliarity or vaguely threatening connotations, may raise the level of discomfort of those unfamiliar with their technical meaning.
 * Since the technology used by CZ to develop and deliver its content is not monolithic (i.e., it is implemented by various software systems that do not interact with each other), we should clarify roles within these software systems by using group names similar, if not identical, to the roles defined within CZ.

Overview
There are currently a variety of groups. Their rights can be seen at Special:ListGroupRights. An analysis of each follows.

(all)
This implied group covers everybody who uses Citizendium. It includes people who are not logged in as well as people who are logged in. This group is part of the core coding of MediaWiki and cannot be removed. However, it can be renamed to something more user friendly.

Also, the rights of the (all) group are unusual. The 'Use of the write API (writeapi)' and 'Mark as from Wikipedia (setwpfrom)' rights are activated for this group, even though they cannot actually edit pages.

Recommendation: I have renamed this to All visitors and Citizens below and redefined its rights.

Users
This group is automatically given to every user account on Citizendium, and cannot be revoked. When a list of a user's groups is generated, this group is hidden. This group is part of the core coding of MediaWiki and cannot be removed, however it can be renamed.

Recommendation: I have renamed this Citizen below in line with Citizendium terminology as defined in the Charter. I have also modified its rights.

Autoconfirmed users
This group is promoted automatically when a user has been registered for 30 days and performed 90 edits (numbers can be adjusted). It is like the 'karma' system that has been previously discussed, but is currently unused except for the ability to "Edit semi-protected pages", which is something we don't currently use.

Recommendation: I agree with the existence of this group, but the name is unhelpful and the rights need to be modified. I have further defined it below as Established Citizen.

emailconfirmed
This is supposed to be given to everyone who has confirmed their email address, however the configuration of CZ does not actually do this. If we wanted to make this work, we'd need the following line in LocalSettings.php:

Recommendation: As we don't confirm users until they have confirmed their email address anyway, this group would be identical to the Users group. Therefore I recommend we delete this group.

Wikieditors (shown as 'Editors')
This group is actually called 'wikieditors', but has been modified to display as 'Editors'. Despite the definitions of this group in LocalSettings.php and elsewhere, this group does not currently just contain Editors. According to old discussion list discussions, this group was originally given to every registered user in order to allow them to edit the wiki. At some point this was changed, and now it is only given to people who apply as and are accepted as an Editor. This leads to a number of anomalies:
 * Sandy Harris is not in this group and is not an Editor. This is logical.
 * Howard C. Berkowitz is in this group and is an Editor. This is logical.
 * John Stephenson is in this group despite not being an Editor. This is because he joined before the change.
 * Chris Key is not in this group despite being an Editor. This is because the Editor promotion occurred several months after registration.
This has caused confusion on at least two occasions. Also, all of the rights that an 'editor' has are duplicated from the 'User' group.

Recommendation: This group is completely illogical and needs removing. In my proposal it will be replaced by the Editor group, which will only contain Editors as defined in the Charter. Its rights will be completely redefined.

EditInt
This group was created by Dan Nessett with the approval of Greg and Larry in order to allow me to fix Bug 49. I am currently the only member. The only function of this group is to allow me to edit pages within the MediaWiki namespace.

Recommendation: I agree with the existence of this group, but would suggest that the current name is unhelpful. A more descriptive name is suggested below (see Interface Developer).

Overview
The example document at User:Chris_Key/Sandbox/Userrights will be used only as a starting point for this section.

User rights groups
Discussion of which user groups should be created and the rationale behind each of them.

All visitors and Citizens (previously known as '(all)')
This implied group covers everybody who uses Citizendium. It includes people who are not logged in as well as people who are logged in. This group is part of the core coding of MediaWiki and cannot be removed, however I would recommend renaming it on the list of group rights to "All visitors and Citizens".

Citizens (previously known as 'Users')
This group is automatically given to every user account on Citizendium, and cannot be revoked. When a list of a user's groups is generated, this group is hidden. This group is part of the core coding of MediaWiki and cannot be removed, however I would recommend renaming it on the list of group rights to "All Citizens".

Established Citizen
This group is promoted automatically when a Citizen has been registered for 30 days and performed 90 edits, or some other combination of days and edits as specified by the Management Committee. At this point it can be assumed that the Citizen is reasonably familiar with how Citizendium works, and can gain some additional helpful but more advanced tools. This has previously been discussed on the forums as a 'karma' system.

Editor
This group will be given to an Editor once they have been approved by a member of the EPA (or other authorised person). Initially it will include very few extra rights, but should be put in place as a pre-emptive measure for future software development. For example, once the approval process is automated Editors can be given the right to nominate an article for approval. It will not be necessary to ever remove anyone from this group unless exceptional circumstances lead to their Editorship being revoked, or a policy is put in place that removes the Editorship from inactive Editors.

The current 'editor' group does not just contain Editors. We will need to clear this list (probably using direct database access) and refill the list (probably using a bot).

Management Committee
This group will be given to current members of the Management Committee only. When their term ends, and they are not re-elected, this group will be removed from them.

Editorial Council
This group will be given to current members of the Editorial Council only. When their term ends, and they are not re-elected, this group will be removed from them.

Managing Editor
This group will only be given to the Managing Editor and his deputies. When their term ends, and they are not re-elected, this group will be removed from them. In the documentation below, unless otherwise specified, they will be given all powers given to the MC and the EC.

Constable
This group will be given to serving members of the Constabulary only. If they resign or are removed from the post, this group will be removed from them.

Ombudsman
This group will only ever contain a single member, the Ombudsman. When their term ends, and they are not re-elected, this group will be removed from them.

Editorial Personnel Administrator
Currently we have the position of Editorial Personnel Administrator (EPA), whose holders are responsible for reviewing, accepting and rejecting Editor applications. This post is not mentioned in the Charter, but assuming the position is kept intact after the Charter is implemented, all EPAs will be put into this group. If they resign or are removed from the post, this group will be removed from them.

Senior Technical Staff
This group will be given to senior members of the Technical Staff. Which members it is given to would be at the discretion of the Management Committee (in liaison with the Technical Lead, if one exists) and would be given very selectively. It is likely that this group would correspond with, or be very similar to, the group of people given root server access. It is not necessary to give this power to every member of the Technical Staff. Membership to this group should be reviewed by the Management Committee annually, although it should be pointed out that a lack of activity on the wiki or forums does not automatically warrant removal from this group.

In general, these powers would not be used. They are given because Technical Staff may occasionally need to perform actions for technical reasons, such as blocking users or bots that are consuming unacceptable amounts of system resources, or undoing edits that put heavy strain on the servers. It should be noted that in an emergency anyone with root server access could give themselves any power, including those currently given to nobody. In the interests of transparency this should be avoided if at all possible, as no trace is left in any logs.

Interface Developer
This group is given to Citizens who need the ability to edit the MediaWiki namespace, which primarily includes system messages. Access to this group would need a good reason, which would be judged at the discretion of the Senior Technical Staff reporting to the Management Committee. An example of someone who in the past would have had sufficient reason to join this group is Caesar Schinas. He was given SysOp powers in order to work on the Upload Wizard and similar issues. Another example would be for a user who wished to fix a bug like this. Membership to this group would be removed when the Citizen has been inactive for six months, or when they announce that they no longer wish to work on technical aspects of the project.

Founder
This group is given to Larry Sanger only. It would be given as a good-will gesture only, and can be revoked by the Management Committee at any time should they wish to do so. Initially the Founder group has been given the rights that Larry currently has access to. Unlike other groups, no further justification shall be presented as to why this user group is given rights.

Bot and Bot with Delete
Currently our Bot policy is not well developed, however it seems that bots will be run from specific accounts such as User:Housekeeping Bot. These accounts will be put into the Bot group to allow them access to the additional tools that they require. Some bots require the ability to delete pages. These shall also be put into the Bot with Delete group. Further groups may be needed depending on what additional rights they need in order to complete their task, for example 'Bot with Promote User to Editor'. The rights for these groups would most likely be altered as the Bot policy is developed.
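
How a few of the groups described above could be expressed in LocalSettings.php, as an added example that is not part of the original proposal or of Citizendium's actual configuration. The group keys 'interface-developer', 'bot-with-delete' and 'senior-tech', the rights assigned to each, and the delegation to Senior Technical Staff are assumptions made for illustration.

```php
<?php
// LocalSettings.php fragment: added illustration, not CZ's real configuration.
// Group keys and the rights given to each group are hypothetical.

// Established Citizen: MediaWiki's built-in 'autoconfirmed' autopromotion,
// using the thresholds quoted in the proposal.
$wgAutoConfirmAge   = 30 * 24 * 60 * 60; // 30 days, expressed in seconds
$wgAutoConfirmCount = 90;                // 90 edits

// All visitors and Citizens ('*'): assumed redefinition that stops this group
// granting the two rights the proposal calls unusual. Rights are additive
// across groups, so any other group that grants them is unaffected.
$wgGroupPermissions['*']['writeapi']  = false;
$wgGroupPermissions['*']['setwpfrom'] = false;

// Interface Developer: a single right covering the MediaWiki namespace,
// instead of handing out the whole Sysop bundle for interface work.
$wgGroupPermissions['interface-developer']['editinterface'] = true;

// Bot with Delete: carries only 'delete'. Accounts that need it are placed in
// this group in addition to the ordinary 'bot' group.
$wgGroupPermissions['bot-with-delete']['delete'] = true;

// Assumption: Senior Technical Staff may grant and revoke Interface Developer
// membership and nothing else, so they need no general 'userrights' right.
// Changes made this way appear in the user rights log.
$wgAddGroups['senior-tech']    = array( 'interface-developer' );
$wgRemoveGroups['senior-tech'] = array( 'interface-developer' );

// Retire a group the proposal recommends deleting. This only removes the
// definition; existing membership rows in the database are cleaned up
// separately.
unset(
	$wgGroupPermissions['emailconfirmed'],
	$wgAddGroups['emailconfirmed'],
	$wgRemoveGroups['emailconfirmed']
);

// Display names ("Established Citizen", "Interface Developer", ...) are not
// set here: they come from the MediaWiki:Group-<key> and
// MediaWiki:Group-<key>-member system messages.
```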

Creation of New Groups
New groups are to be implemented at the discretion of the Management Committee, bearing in mind the following guidelines:
 * No user should be put into an existing group unless they fulfil the criteria associated with it. It is better to create a new group with identical powers to a Constable than to put a non-Constable into the Constable's group.
 * Every official role that requires special powers should be given a group with a descriptive name. Putting multiple roles into a single group is inadvisable.
 * Every new group must be documented before being implemented.

Summary
Create a table similar to that seen at User:Chris_Key/Sandbox/Userrights.

Implementation
Include instructions on how to implement this, including modifications to LocalSettings.php for implementing the new setup and removing the old setup.

Testing
''Attempt to set up a clone on shared hosting with a full test of the proposed system. Failing that, conduct a thorough test on my personal clone.''