Advanced user roles policy

Advanced user roles on Drupal.org are granted when a user needs advanced access to be able to perform specific duties related to their role in the community and only while those duties are being performed.

As we move towards per-Section governance and access control, there is less and less need for the overarching advanced access on the site. Per-Section advanced access rules will be established as the new Sections roll out.

All users with advanced roles have to accept Drupal.org Terms of Service and Privacy Policy. Users with the role which gives access to personally identifiable information (administrators, security team, site moderator) will also have to sign a short contributor agreement.

Gaining the role

All roles are granted manually by either site a moderator or administrator via issue queue process. A user who wants to request specific role needs to open an issue in the Site moderators issue queue and describe what they need the role for. When a role is granted as a part of established process (e.g. Security Team process for adding new team members), a person who grants the role can open an issue themselves to document that user role change happened.

Content moderator

This role is granted to community members who are willing to help out in the Content issue queue with the tasks like: adding and updating feeds in Drupal Planet, reviewing and adding organization pages to the Marketplace, editing taxonomy terms to fix misspelled or duplicate ones, cleaning up spam content, changing authors for nodes such as organization pages; helping out in Documentation queue with the tasks like modifying book outline, etc.

Users requesting this role will have spent some time in the issue queues first, helping out existing content moderators or documentation team members. They have shown the knowledge of typical processes and procedures, and one of the existing content moderators, site moderators, or documentation team members recommended them. Alternatively, one of the existing content moderators or site moderators is willing to mentor them for the first couple of weeks to help learn the processes and procedures.

Packaging allowlist maintainer

This role is granted to community members who are willing to help out in the Drupal.org allowlist queue, with the tasks like: reviewing and adding licenses to the allowlist.

Users requesting this role will have spent some time in the issue queue first, helping out existing allowlist maintainers. Recommendation from one of the existing allowlist maintainers is required to gain the role.

Git admin

This role is granted to community members who are willing to help out in the Project Applications queue by reviewing applications and granting users 'Git vetted' status; Project ownership queue with the tasks related to ownership transfer. As well as help out with general project-related or testing-related (DrupalCI) support requests from users.

Users requesting this role will have spent some time in the issue queue first, helping out existing Git admins. Recommendation from one of the existing Git admins or site moderators is required to gain the role.

Site moderator

This role is granted to community members who are willing to help out in the Site moderators issue queue with the tasks like: blocking spam users and cleaning up spam content, helping with user account issues, helping with project issues, fixing wrongly uploaded file attachments, etc.

Users requesting this role will have spent some time in the issue queues first, helping out existing content moderators. Recommendation from one of the existing site moderators is required to gain the role.

Security team member

This role is granted to active Security team members only. Once a provisional team member is accepted as a full Security team member, the role can be granted and an issue needs to be created in the issue queue to document this. The issue can be opened by one of the Security Team leads, after they granted the role, or by any security team member requesting the role on behalf of the new member.

In case the new member opened an issue themselves, confirmation from one of the existing Security team members is required to gain the role.

Administrator

Only Drupal Association staff members who maintain the website, perform deployments, and are 'on call' for any outages, as well as select non-staff infrastructure team members who are 'on call' for outages will have full administrator access on Drupal.org.

This role can only be granted by Drupal Association staff when it is needed to ensure proper maintenance of Drupal.org.

Communication and time expectations

All users with advanced roles will be added to mailing list(s), which will be a private communication channel between Drupal Association staff and users with advanced access. Mailing lists will be used in case of emergency announcement, changes to the tools, processes or procedures.

Users are expected to actively use their advanced access to perform the duties they requested the access for. Once the access is no longer needed, users are expected to inform other site moderators and administrators. Periodic reminders will be sent to users to remind them they have advanced access.

The role will be taken away when a user:

  • Steps down from performing the duties
  • Has not logged in for more than a period of time
    • two months for administrators, security team, and site moderators
    • four months for packaging allowlist maintainers, content moderators, and git admins
  • Has logged in, but hasn't used advanced access for more than a period of time:
    • four months for administrators, security team, and site moderators
    • six months for packaging allowlist maintainers, content moderators, and git admins
  • Has inappropriately used advanced access

Review of all users with advanced roles happens at least two times per year, or as needed. All users will be contacted via email and given time to respond, before the role is removed (except of situations of role abuse or emergency, e.g. security breach).