Special global permissions
For Legal and Security reasons the Wikimedia Foundation has decided that two factor authentication is required for the roles on this page. This requirement was instituted before some groups were added, so the late additions may or may not require 2FA. |
Special permission groups
editThis user right was created on February 27, 2009 for User:Jimbo Wales. It was originally equivalent to the Steward group, and has since lost most of its permissions.
The global flow creator global group allows users to create Flow pages on any WMF wiki on which it is installed, as well as several miscellaneous rights. It contains only several WMF staff, and is not in active use since Flow is not being actively developed.
The Ombuds commission is a small, board-selected group directed to investigate allegations of CheckUser abuse.
This group has the checkuser-log right globally, in order to view CheckUser logs at any Foundation-hosted project.
Recursive export is a global group that allows the user to export pages with linked pages beyond the limit applied to normal users. The right is only assigned to users who have a demonstrable need and can be trusted to use it correctly as it can apply a heavy load to the Wikimedia servers.
Before the creation of the group the right was only available to system administrators.
The original proposal is located at Requests for comment/Wikimedia Foundation staff permissions.
Wikimedia Foundation staff members are those employees of the Foundation with both the need for rights beyond those of normal users on a global scale and the technical ability to use them.
System administrators handle the technical management of the servers which host our projects. As these individuals have the technical ability and permission to effect changes, the Sysadmin global group was implemented to encourage them to do so more easily and in a more transparent manner.
The Universal Code of Conduct/Coordinating Committee has a custom global group allowing them to view abuse filters, deleted content, and IP address information.
The wmf-email-block-override global group includes only the sboverride
right. Its sole member is Maryana Iskander, CEO of the Wikimedia Foundation.It allows her to send email despite the fact that her email address is listed on the email blacklist.
The WMF Researcher right was created by the Wikimedia Foundation Legal and Community Advocacy team to provide a temporary global right to some NDA'd staff and contractors assisting in specific legal research who do not require the full global Staff Rights package. Under the principle of least access and because the need has come up multiple times the group has been converted into a more permanent global group that can be given to WMF Staff or Contractors (permanent or temporary) when they need read-only access to deleted or suppressed text and logs but do not necessarily need other rights in the full Staff package. It is also used for NDA'd 3rd party Researchers who need API access to deleted content as part of their approved research.
Transparency
editThe Meta-Wiki hosts the global rights log, where any user (registered or not) may view the creation and deletion of global groups and the changes to their permissions. A detailed description of the various rights may be found on MediaWiki.org. Please note that some rights are detailed in the appropriate extension page there.
Two-factor authentication
editThe Wikimedia Foundation made two-factor authentication (2FA) mandatory for selected global user roles in December 2018. The requirement is recorded at the top of various Meta-Wiki pages as imposed by "the Wikimedia Foundation"; the addition of that text was itself the announcement (by a Foundation employee). No broader announcement was made and the requirement is enforced by manual audits.