People interact with the Common Web Platform (CWP) in different roles and with different responsibilities. Certain actions, such as incurring costs, or making technical changes, can only be carried out by people in specific roles. This ensures the integrity of the platform.
This section outlines the various roles and the responsibilities of each. It also explains which roles are authorised to create users, and how this is done. Roles and responsiblities are detailed here.
Authorisation requests are sent to one role only, starting with the Deployment Manager. If a role is not assigned, or does not respond to a request within a reasonable timeframe (ninety minutes for deployments), we have an escalation path in place to make sure a response can be obtained:
Certain roles allow backup nomination via the appropriate Service Desk ticket. Escalation to backup will occur if the primary manager is temporarily not available. See the backup roles description for more details.
Non-trivial requests that come at a financial cost or pose an outage risk to the production environment will use SMS communication to obtain approval. Such requests may include adding or removing an instance, changing Disaster Recovery level, updating file permissions, or low-level upgrades to the LAMP stack. A full list of these high-impact actions are listed below.
When a request requires SMS approval, the CWP team at SilverStripe will send a text message, from a constant phone number, to the person(s) authorised to approve the request. Depending on the nature of the request, the recipients may include the Instance Manager, Relationship Manager, Deployment Manager, Backup Instance Manager, or Backup Deployment Manager. The text message will briefly describe the change that is about to be applied, along with two distinct text options for reply: one to approve the change, and one to deny it. Once the CWP team receives a valid response, the process to handle the request will either continue or be cancelled. If no response is received, the request remains open, and it is the responsibility of whoever initiated the request to obtain approval from the authorised person(s).
Using two-factor confirmation with SMS adds an extra layer of protection to your website by mitigating any chance of a single-access control (e.g. a password) being compromised and causing major damage. The SMS controls ensure that whoever is authorising the change is not only authenticated, but is also in possession of, and can access, a known mobile device. Alternatively, email also provides decent two-factor confirmation, but because SMS is received on a single device that is likely locked and concealed on its owner, text messages are considered far more secure.
There are a few other benefits to using SMS controls. All SMS exchanges are recorded, which provides an audit trail if and when faults arise. Further, SMS approvals are greatly expedited compared to their analog counterparts, as they require no signed documents, and responses can be automated.
The following table can accessed by tabbing through its content and is available to screen readers.
*) Backups are available for some roles. See "Backup roles" section.
Last modified:
