Administrative access#

See the Deploy documentation for access to self-hosted services.

If a service is down, check its status page:

Note

If you are a consultant, do not use or create your own organizational accounts on services like Fixer, Prerender, Docker Hub, etc. All organizational accounts must be owned by OCP.

Amazon Web Services#

There should be a minimum of two IAM users in the administrators group from OCP only. The root user should not be used.

GitHub#

There should be a minimum of two owners from OCP. Owners do not need to be added to teams.

Tip

Use the org:owners task to check the configuration.

Google#

Admin#

There should be a minimum of two Super Admin users from OCP only.

Less secure apps is set to “Allow users to manage their access to less secure apps” for the open-contracting.org domain, and Allow less secure apps is set to “ON” for the data@open-contracting.org user, so that Redmine can fetch mail.

Analytics#

Use Fathom instead.

Cloud Platform#

Note

Use Amazon Web Services, unless an application requires access to Google-exclusive services like Google Drive.

There should be a minimum of two Organization Administrator users from OCP only.

Periodically review all projects. To view a project’s history, click its Activity tab. To view a project’s resources, click its Dashboard tab. Projects include:

  • Library (two storage buckets)

  • Pelican (IAM user)

  • Website Search (API key)

If an administrator lacks access to a project, run, for example:

gcloud projects add-iam-policy-binding ocds-172716 --member user:jmckinney@open-contracting.org --role roles/owner

If the user interface lacks access to an organization, run, for example:

gcloud organizations add-iam-policy-binding organizations/1015889055088 --member domain:open-contracting.org --role roles/recommender.viewer

Drive#

All users with access to this folder should belong to OCP only.

Groups#

There should be a minimum of two Owner members from OCP only.

PyPI#

For each package owned by the opencontracting user, there should be a minimum of two Owner users from OCP, including opencontracting.

Only users who are reasonably expected to upload releases should have the Maintainer role.

If a third-party organization maintains a package, there can be one user from that organization with the Owner role to add maintainers (e.g. OpenDataServices).

ReadTheDocs#

There should be a minimum of two users with the Maintainer role from OCP.

Third-party maintainers of PyPI packages can be added to the package’s associated ReadTheDocs project, including organizational accounts (e.g. opendataservices).

Sentry#

There should be a minimum of two members with the Owner role and one member with the Billing role from OCP.

Third-party developers can be added with the Admin or Member role to organization-specific teams for specific projects.

Transifex#

There should be a minimum of two Administrators users from OCP only.

If we reach our collaborator limit, manage collaborators, removing those who were last seen more than 9 months ago.