Currently, Klaxon is available to LDAP members of wmf, wmde, nda, and ops. When anyone else needs to manually page the SRE team, they have to find someone in one of those groups and ask for help.
It's intentional that access is limited: Klaxon can be used to page us when we're not working, and that should be available only to people we trust to use it properly. Even well-intended but incorrect usage, like paging SRE for something that another team needs to handle, would be serious. SREs are able to react urgently to paging alerts because they're rare. If we got spurious pages more than very occasionally, it would tend to create alert fatigue and reduce responsiveness for critical issues, on top of being an unfair intrusion into non-working hours.
But for appropriately trusted community members, Klaxon access would make it easier to get hold of us when we do need to act. Granting access to stewards might be a reasonable place to start, particularly because some stewards have had an easy time getting NDA access and getting access to the tool that way (but full NDA access isn't strictly necessary here).
Separately, we may also want to be able to add trusted individuals such as wiki admins ad hoc, while those individuals are working on active abuse incidents that might require them to page us.
Things to do here, as far as I can tell:
- Find out whether there's agreement in principle, probably via discussion at the SRE meeting, that we're comfortable with a larger number of trusted community members being able to reach us directly in an emergency
- Create at least an LDAP group for individual Klaxon access (klaxon-users?) and possibly also a more descriptive group like stewards for role-based access
- Grant those groups access to Klaxon in puppet and update Klaxon docs
- Update SRE clinic duty docs so that clinicians can handle steward access requests
- Communicate to stewards that they can use Klaxon to page us, and what they should use it for; include instructions to create a developer account and get it added