Author: anon.hui
Description:
This is a feature that has a "sudo"-like behavior for any admin operation.
Any admin (sysop, bureaucrat) must be required to re-enter their password to
use any admin operation.
- When the admin user first logs in, they have exactly the same privileges as
a normal logged-in user.
- When the admin user first clicks a link that requires admin privileges (such
as delete, protect, block user), they will be prompted with a password dialog
box. They must re-enter their password to gain the admin privilege session, so
that they can continue the admin operation.
- They won't be required to re-enter the password to do any subsequent admin
operation within the limited expiration time (since the last admin operation).
- The session with admin privileges will expire after a limited time since the
last admin operation.
- When the session expires, they need to re-enter the password to do the
subsequent admin operation.
- There must be logs for every admin operation. Not only delete/protect/block
operations, which are already logged; the other admin operations, such as
viewing a deleted page, editing a protected page, or rolling back a page,
should also be logged.
- Optionally, the admin may be required to give their reason to view any
deleted page. The reason will be shown in the log that records the viewing of
the deleted page.
Rationale
See
http://meta.wikimedia.org/wiki/Proposal_for_a_sudo-like_behavior_for_admin_operations
Version: unspecified
Severity: enhancement
URL: http://meta.wikimedia.org/wiki/Proposal_for_a_sudo-like_behavior_for_admin_operations
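
The elevation rules requested above, modelled as an added sketch (not part of the original report and not MediaWiki code): re-authentication on the first admin operation, a sliding expiry measured from the last admin operation, and a log entry for every admin operation. The class and function names, the 300-second timeout, the PBKDF2 password check and the logging of elevation attempts are assumptions made for illustration.

```python
import hashlib
import hmac
import time

ADMIN_OPS = {"delete", "protect", "block", "view_deleted", "edit_protected", "rollback"}
REASON_REQUIRED = {"view_deleted"}  # the optional rule from the last bullet

class ReauthRequired(Exception):
    """Signal to the UI layer: show the password prompt, then call elevate()."""

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AdminSession:
    def __init__(self, user, salt, pw_hash, ttl=300.0, clock=time.monotonic):
        self.user, self._salt, self._pw_hash = user, salt, pw_hash
        self.ttl, self._clock = ttl, clock
        self._last_admin_op = None   # None: logged in, but not elevated
        self.log = []                # audit trail, one entry per admin operation

    def elevate(self, password):
        # Constant-time comparison of the re-entered password's hash.
        ok = hmac.compare_digest(hash_password(password, self._salt), self._pw_hash)
        if ok:
            self._last_admin_op = self._clock()
        # Assumption: elevation attempts, failed ones included, are logged too.
        self.log.append({"user": self.user, "op": "elevate", "ok": ok})
        return ok

    def is_elevated(self):
        return (self._last_admin_op is not None
                and self._clock() - self._last_admin_op < self.ttl)

    def perform(self, op, target, reason=None):
        if op not in ADMIN_OPS:
            raise ValueError(f"not an admin operation: {op}")
        if not self.is_elevated():
            self._last_admin_op = None       # expired: drop elevation entirely
            raise ReauthRequired(op)
        if op in REASON_REQUIRED and not reason:
            raise ValueError(f"{op} requires a reason")
        self._last_admin_op = self._clock()  # sliding window: restart the timer
        self.log.append({"user": self.user, "op": op, "target": target, "reason": reason})
```

The injectable `clock` lets the expiry be exercised without waiting; the timer is refreshed only by a successful admin operation, so ordinary browsing does not keep the elevated session alive.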