This document details the access policy and procedures regarding Nextcloud on the XR Australia Branch server.
An XRAus Library Folder (owned by ncadmin) will be created. Read-only access will be granted to all users on Nextcloud, with write access provided to the National Working Group circle. This folder will contain the following subfolders:
- Documentation (IT platforms, training resources for SOS, NVDA, etc.)
- Photos & Media [On Hold] - Awaiting decision to be made by National M&M Working Group. See discussion here
- Activist Resources (templates, stencils, etc)
An Everyone folder (owned by ncadmin) will be created and shared with the Everyone group (which all users are members of).
A State Folder (owned by ncadmin) will be created for each state and territory and shared with all rebels who belong to the region.
A Temporary (Cleared Weekly) folder (owned by ncadmin) will be created. It will be configured so that files are removed 7 days after being added.
Each group (regional groups (RG), local groups (LG), working groups (WG), interest groups (IG), etc.) will have a group-admin user created for it. This user will own a group folder, a sharing circle and any other shared resources (e.g. calendar). Members of the group will be added to the sharing circle and all resources will be shared with that circle.
To mitigate for power at least two rebels will need to have access to the
Setting Up Group Accounts
New Local Groups
When a new group forms the first step is for that group to make themselves known and receive some training from Integration, SOS, and Infrastructure/IT.
This process will be defined elsewhere.
Groups within a Local Group or XR Aus SOS
Requests for setting up new group accounts should come from the group's super-circle group account. They can be requested by emailing firstname.lastname@example.org from the super-circle's ProtonMail account.
The Limestone Coast Media and Messaging Working Group requests a new group account be created for our Social Media Team. email@example.com
The Tech Champion for this group will be Jo.Blogs@protonmail.com Mattermost handle: @rebeljo
Each group will need to nominate a Tech Champion (the Internal Coordinator by default). Before granting access they will receive training in how to administer access to the group’s Nextcloud shared files and how to use the group’s ProtonMail email account.
When a new group forms the Nextcloud Admin must:
- If it does not exist, create a new ProtonMail account for the group and ensure that a suitable backup email address is set.
- Create a Nextcloud account for group-admin using the ProtonMail account as the email address and the ProtonMail username for the display name and username. This account should have a 5GB quota.
- Create a new folder for the group (owned by the
- Create a new closed circle for the group (owned by the
- Update the directory of groups (file on Nextcloud shared with admins and XRAus SOS) adding the new group beneath its parent regional group when applicable. The above created email address should be listed as the public contact for the group.
ncadmin an admin of the group’s circle (this allows ncadmin to add newly registered users to the circle).
- Set up accounts for group users. Make the new group’s nominated Tech Champion an admin of the group’s circle and train them in how to add and remove users from the group’s circle.
- Hand over the login details for the group-admin user and the firstname.lastname@example.org email address (if applicable) to the new group’s Tech Champion and Coordinators. The passwords should be changed in the process of handover to remove the Nextcloud Admin’s access.
- Remove the shared folder from the ncadmin account (this prevents ncadmin from snooping through files).
Work must be done in collaboration with National SOS to contact existing groups and record their contact details.
How do rebels get a Nextcloud account?
To request a new account, an individual must contact their respective group coordinators, who are in charge of verifying that a user is a vouched-for member of their group. The group’s Tech Champion (the Internal Coordinator by default) should email email@example.com with the email addresses of the new members. Nextcloud admins will respond to this email within 5 days.
The Limestone Coast Media and Messaging Working Group Social Media Team requests a new group account be created for firstname.lastname@example.org.
When a new user is requested the Nextcloud Admin must:
- Verify that the request is from the ProtonMail address for the
- Create the account using the supplied ProtonMail account as the email address and the ProtonMail username for the display name and username. This will trigger a password reset email being sent to the user. This account should have a 0GB quota.
- Assign this user to the Everyone group and the appropriate regional/state Nextcloud group.
- Add the user to the requesting group’s sharing circle.
- Send a follow-up email to the requester notifying them that the account has been created, with a reminder link to instructions for administering the membership of their group’s sharing circle.
How do rebels who already have a Nextcloud account join a new group?
Group membership is administered by the Tech Champion for that group.
Group membership is administered by the group’s Tech Champion (Internal Coordinator by default). Access to a group’s files is controlled through Nextcloud Circles.
When an existing user requests access to a group’s files, the group’s Tech Champion must:
- Verify that the user is a member of their group and should be granted access.
- Verify the user’s Nextcloud username and email address.
- Go to the Circles section of Nextcloud. Find the group’s circle and then add the user to it. Enter the user’s full email address before selecting the account. This will ensure that the correct user is being added and not another user with a similar username.
What happens when a rebel leaves a group?
The Tech Champion should remove the user from the group’s circle.
When a user leaves a group, the group’s Tech Champion must:
- Go to the Circles section of Nextcloud. Find the group’s circle and remove the rebel from the circle.
What happens when a rebel leaves Extinction Rebellion?
If the user has left Extinction Rebellion, contact email@example.com and a Nextcloud admin will disable the account. Disabled accounts can be restored at a later date. This can also be requested via email.