Team Management Request - Create SideQuest Team #234

New Issue

Mike Nisbet · 2024-08-13T12:03:54+02:00

Mike Nisbet commented

2024-08-13 12:03:54 +02:00

Team Management Request
Mark the type of request you have:

Create a team
Join a team
Add a member to my team
Remove a member from my team
Delete a team

Team Information
Name: SideQuest
URL: e.g. https://extensions.blender.org/team/sidequest/

User Details
Name of the user to add/remove: mikesq
Profile URL: https://projects.blender.org/mikesq

**Team Management Request** Mark the type of request you have: - [x] Create a team - [ ] Join a team - [ ] Add a member to my team - [ ] Remove a member from my team - [ ] Delete a team **Team Information** Name: SideQuest URL: e.g. https://extensions.blender.org/team/sidequest/ **User Details** Name of the user to add/remove: mikesq Profile URL: https://projects.blender.org/mikesq

Dalai Felinto commented

2024-08-13 14:39:26 +02:00

@mikesq I created. But why do you want a team that only has one member?

Mike Nisbet commented

2024-08-13 16:58:38 +02:00

Thank you. I am looking to publish an extension under an organisation rather than just a personal account, because it won't just be me who is working on it and we may add extra team members, and the page directed me here. I am hoping/presuming I can now upload on behalf of the team? I would also like to explore uploading as the team account via the API so we can automate delivery from a pipeline.

Oleg-Komarov commented

2024-08-13 17:18:34 +02:00

regarding the part of team accounts and API:

I can see how it may be weird to configure a CD pipeline in an organization using a personal API token:

that person may eventually leave the organization, and the token would need to be replaced
token usage audit is available only to that one person, not to the whole team

On the other hand, our current data model enforces a user-level attribution for all file uploads, and I would be inclined to keep it as is, until we get a strong signal that our approach is inadequate:

it allows us to keep accountability for uploads on a user account level
every user account has a contact method (email) while teams have none, except for the approval queue threads, but that's probably a bit of a stretch
we can lock out a misbehaving user, but what would it mean for a misbehaving team?
etc

regarding the part of team accounts and API: I can see how it may be weird to configure a CD pipeline in an organization using a personal API token: - that person may eventually leave the organization, and the token would need to be replaced - token usage audit is available only to that one person, not to the whole team On the other hand, our current data model enforces a user-level attribution for all file uploads, and I would be inclined to keep it as is, until we get a strong signal that our approach is inadequate: - it allows us to keep accountability for uploads on a user account level - every user account has a contact method (email) while teams have none, except for the approval queue threads, but that's probably a bit of a stretch - we can lock out a misbehaving user, but what would it mean for a misbehaving team? etc

Mike Nisbet commented

2024-08-13 17:22:46 +02:00

I totally understand, and get that this fairly new so I'm probably already asking for boundary changes. In that case, am I almost better making my account a shared login called sidequest? I was considering this at first until I saw the teams section.

Edit: So what is the method to publish as team? On the upload page, I can't see any suggestion that I could put it under the team account, just my own.

I totally understand, and get that this fairly new so I'm probably already asking for boundary changes. In that case, am I almost better making my account a shared login called `sidequest`? I was considering this at first until I saw the teams section. Edit: So what is the method to publish as team? On the upload page, I can't see any suggestion that I could put it under the team account, just my own.

Oleg-Komarov commented

2024-08-13 17:49:38 +02:00

On the upload page, I can't see any suggestion that I could put it under the team account, just my own.

on the next step, when editing the draft you should see this field:

> On the upload page, I can't see any suggestion that I could put it under the team account, just my own. on the next step, when editing the draft you should see this field: ![image](/attachments/31c1ef45-98da-4d11-a47a-4f6c6fbbc3f5)

image.png

32 KiB

Mike Nisbet commented

2024-08-13 17:51:24 +02:00

Thanks, exactly what I'm looking for. We can deal with using a personal API token. Thanks both for your help!

Mike Nisbet closed this issue

2024-08-13 17:51:25 +02:00

Oleg-Komarov commented

2024-08-13 17:52:52 +02:00

making my account a shared login

We plan to create downsides for this as well, sorry :)

Right now shared logins look like the easiest way, but we are working on stepping up our account security game and plan to rollout multi-factor authentication in the near future, eventually making it required for extension uploads. Sharing MFA authenticators doesn't work well.

> making my account a shared login We plan to create downsides for this as well, sorry :) Right now shared logins look like the easiest way, **but** we are working on stepping up our account security game and plan to rollout multi-factor authentication in the near future, eventually making it required for extension uploads. Sharing MFA authenticators doesn't work well.

Sign in to join this conversation.