Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reevaluate the benefits of Groups 7.1 #273

Closed
1 task
buidav opened this issue Apr 18, 2024 · 2 comments · Fixed by #489
Closed
1 task

Reevaluate the benefits of Groups 7.1 #273

buidav opened this issue Apr 18, 2024 · 2 comments · Fixed by #489
Labels
Baseline Revision
Milestone
Driftwood

Comments

@buidav
Copy link
Collaborator

buidav commented Apr 18, 2024

💡 Summary

In the instructions for 7.1 we're asking that groups be initially created with access type of restricted. This seems like a best practice and can easily just easily be bypassed by changing the access type right after creation.
groups

The rego itself checks if all groups are always of access type restricted permissions.
rego71

Due to the organizational needs I'm not sure it's viable for us to have a policy that says groups must always disable that anyone in the organization can.

  • view post
  • post to
  • view members of a group.

I think we should delete 7.1 altogether but I'm open to other suggestions.

Motivation and context

Streamlining the ease of use of the SCuBA baselines.

Implementation notes

  • Either delete or rewrite the instructions for Groups 7.1

Acceptance criteria

  • Groups 7.1 has a clearer purpose or is deleted.
@buidav buidav mentioned this issue Apr 18, 2024
Merged
14 tasks
@LaurenBassett
Copy link
Collaborator

The other thing I think worth mentioning, is that the baseline currently appears to be checking for ALL existing groups and whether or not they are restricted. It does not address the actual core of the baseline, which is that NEW groups should be restricted.

@snarve snarve added this to the Coast milestone May 15, 2024
@adhilto adhilto modified the milestones: Coast, Driftwood Aug 22, 2024
@mdueltgen
Copy link
Collaborator

We have decided to remove Groups 7.1 for clarity.

@mdueltgen mdueltgen mentioned this issue Oct 31, 2024
Merged
14 tasks
@mdueltgen mdueltgen linked a pull request Oct 31, 2024 that will close this issue
Removing Groups 7.1 #489
Merged
14 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Baseline Revision
Projects
None yet
Milestone
Driftwood
Development

Successfully merging a pull request may close this issue.

Removing Groups 7.1 cisagov/ScubaGoggles
5 participants
@LaurenBassett @buidav @adhilto @snarve @mdueltgen