From a mail Timo sent me and I have missed:
Can we remove the inclusion of ldap/wmf group in 'integration'?
https://gerrit.wikimedia.org/r/#/admin/groups/10,members
In places where we want all of wmf to have access, we can manually include it as second group in permissions. For example, on https://gerrit.wikimedia.org/r/#/admin/projects/integration,access integration and ldap/wmf are both listed.
But for "Submit" I'd like to restrict e.g. integration/jenkins-job-builder-config to integration members. To avoid a mess like on https://gerrit.wikimedia.org/r/#/c/156193/
— Timo
Version: wmf-deployment
Severity: enhancement