Administrative access

See the Deploy documentation for access to self-hosted services.

If a service is down, check its status page:

Airtable

There should be a minimum of two Owners from OCP only.

Amazon Web Services

There should be a minimum of two IAM users in the administrators group from OCP only. The root user should not be used.

GitHub

See GitHub Teams.

Google

Admin

There should be a minimum of two Super Admin users from OCP only.

Less secure apps is set to “Allow users to manage their access to less secure apps” for the open-contracting.org domain, and Allow less secure apps is set to “ON” for the data@open-contracting.org user, so that Redmine can fetch mail.

Analytics

Use Fathom instead.

Cloud Platform

There should be a minimum of two Organization Administrator roles from OCP only.

For the ocds project, IAM should only include Google-managed service accounts, ods-crm-redmine-backup and sysadmin@dogsbody.com. Service accounts should only include default service accounts and ods-crm-redmine-backup. It should only use two storage buckets (crm-open-contracting-org-daily-backups and crm-open-contracting-org-weekly-backups). sysadmin@dogsbody.com must have the “Storage Admin” role (roles/storage.admin), to get the storage.buckets.list permission.

Periodically review all projects. To view a project’s history, click its Activity tab. To view a project’s resources, click its Dashboard tab. Projects include:

  • Library (two storage buckets)
  • Pelican
  • Website Search (API key)

In case a new user needs to be given admin access to the ocds project, you can run, for example:

gcloud projects add-iam-policy-binding ocds-172716 --member user:jmckinney@open-contracting.org --role roles/owner

Drive

All users with access to this folder should belong to OCP, Centro de Desarrollo Sostenible (CDS) and Open Data Services Co-operative Limited (ODS).

Groups

There should be a minimum of two Owner members from OCP only.

There should be at most two members with the Manager role from each other organization.

PyPI

For each package owned by the opencontracting user, there should be a minimum of two Owner roles from OCP, including opencontracting.

Only users who are reasonably expected to upload releases should have the Maintainer role. If a third-party organization maintains a package, there can be one user from that organization with the Owner role to add maintainers (e.g. OpenDataServices).

ReadTheDocs

There should be a minimum of two users with the Maintainer role from OCP.

Third-party maintainers of PyPI packages can be added to the package’s associated ReadTheDocs project, including organizational accounts (e.g. opendataservices).

The following projects are redirect only: kingfisher-scrape, kingfisher-views, ocdskingfisher.

Sentry

There should be a minimum of two members with the Owner role and one member with the Billing role from OCP.

Third-party developers can be added with the Admin or Member role to organization-specific teams for specific projects.

Transifex

Transifex is used by ODS for multiple clients. There should be at most two members with the Project Maintainer and Team Manager roles from OCP.

If we reach our collaborator limit, manage collaborators, removing those who were last seen more than 9 months ago.