07/24/2018 05:51 PMPosted by Moirasha07/24/2018 05:39 PMPosted by GruuhrAlso, officers can view messages posted in officer chat prior to their promotion.
This is not a good idea.
hahahahaha..
yeah, this needs to go
RIGHT?! It's insane!
07/24/2018 05:51 PMPosted by Moirasha07/24/2018 05:39 PMPosted by GruuhrAlso, officers can view messages posted in officer chat prior to their promotion.
This is not a good idea.
hahahahaha..
yeah, this needs to go
07/24/2018 05:26 PMPosted by Annaillusion07/24/2018 05:20 PMPosted by Daugil...
Can we get at least an explanation of what happened and if it's going to stay or not, or are you just doing this so the complaints can all be shepherded to one thread? I mean, if you don't know, you don't know, it'd just be nice to hear something. The silence is deafening.
My guess if they are extending the thread they are gathering the useful feedback provided here. Which would then be put up to discussion during a meeting when there is enough useful information to bring.
07/24/2018 05:51 PMPosted by Moirasha07/24/2018 05:39 PMPosted by GruuhrAlso, officers can view messages posted in officer chat prior to their promotion.
This is not a good idea.
hahahahaha..
yeah, this needs to go
07/24/2018 05:57 PMPosted by Sassiekal07/24/2018 05:51 PMPosted by Moirasha...
hahahahaha..
yeah, this needs to go
“Omg so like Momocow is sooo dumb I mean his DPS is like he’s level 1”
“I totes agree. Plus I heard he doesn’t floss...”
momocow has been promoted to officer
“Sup Guys!”
“Crap.....”
Plus side...at least you know what you walked into now when you log on.
07/24/2018 05:39 PMPosted by GruuhrAlso, guild chat hangs around forever. New guild members can see what was posted in guild chat prior to them joining. Also, officers can view messages posted in officer chat prior to their promotion.
This is not a good idea.
07/24/2018 05:18 PMPosted by Ythisens07/24/2018 01:59 PMPosted by RestomakWe're at 23 pages now, and I suspect this thread will soon get locked without a page extension by Blizzard. I'm going to bump my own post made about this very exact topic. Feel free to continue there if this gets locked.
https://us.battle.net/forums/en/wow/topic/20766206706
This isn't needed as I've extended the thread cap on this one. Thanks guys!
07/24/2018 06:30 PMPosted by AngosiaI'm going to argue against Blizzard in the case of the guild control changes but not in the context most are presently doing.
As Blizzard's security staff knows, when doing role-based access control permissions (and/or profiles), the principle of "Least Privilege" applies. This, in lay terms, means "Only what permissions are required to do the necessary tasks for that job role".
In this context, I am not comfortable granting a person who I did not designate an officer to have all officer permissions. Nor do I necessarily want to grant an officer all of the current permissions. In my guild hierarchy, the structure only allows 3 people to invite to the guild AND remove from the guild even though we may have a separate structure for officers.
(This is to combat the notion that 1 person is the benevolent dictator {i.e. GM}. We have a council of 3 Founders. If 2 disagree, I act as the tie-breaker as the "GM". Generally speaking, we don't disagree, but we can.)
I have a separate tier of "officers" in the context that most guilds use them today. These do my guild recruiting, raid leading, and class officer roles that most guilds have today. However, I do not grant them the ability to remove individuals from the guild nor would I.
This is a way of decentralizing power but also not providing a scenario where officers might disagree and act against each other intentionally or otherwise. They should be able to discuss this as a group and make the recommendation to the Founders. As a rule, I tend to let the two Founders handle those disputes (we really don't see any, but that's why the structure is there). I know both of the other Founders in person and I trust both implicitly, so it is a simple phone call or text from either of them to get my opinion if a tie should result.
In this context, as a person who has drafted security policies in a past architect role and as a current Operations Manager role, I am disinclined to give ranks permissions that I do not want them to have. It was granularly set in this fashion for a very good reason - and it is a technical control to help ensure that officers in my guild can't act on a whim.
While my vetting process is actually pretty good, it isn't perfect as nothing can be perfect. You're removing my ability to set practical guild permissions for the sake of simplifying the experience. I don't mind if there's a "simple" mode for folks who don't want to manage it, but give me an "advanced" mode so that folks who want to manage those things can.
07/23/2018 02:33 PMPosted by Polgara(Now for a “nice to have”)
If we are asking for new features, while I can think of several, the one thing I always thought was a glaring omission was having separate permissions for:
• Edit Own Public Note
• Edit All Public Notes
Thank you.
07/24/2018 06:58 PMPosted by ÆthelwulfI would like to expound on this topic and actually focus in on the principle stated in the second paragraph. Specifically the Principle of Least Privilege. There are literally enough volumes on this concept to fill libraries to overflowing.
The Principle of Least Privilege (PoLP) is the standard of Information Security that is adhered to by most if not all corporations (both public and private) government agencies (whether Global Federal State or Local in scope). It is the heart and soul of profile or role based security systems.
07/24/2018 05:18 PMPosted by YthisensThis isn't needed as I've extended the thread cap on this one. Thanks guys!
07/24/2018 05:39 PMPosted by GruuhrAlso, guild chat hangs around forever. New guild members can see what was posted in guild chat prior to them joining. Also, officers can view messages posted in officer chat prior to their promotion.
This is not a good idea.
07/24/2018 06:30 PMPosted by AngosiaI'm going to argue against Blizzard in the case of the guild control changes but not in the context most are presently doing.
As Blizzard's security staff knows, when doing role-based access control permissions (and/or profiles), the principle of "Least Privilege" applies. This, in lay terms, means "Only what permissions are required to do the necessary tasks for that job role".
In this context, I am not comfortable granting a person who I did not designate an officer to have all officer permissions. Nor do I necessarily want to grant an officer all of the current permissions. In my guild hierarchy, the structure only allows 3 people to invite to the guild AND remove from the guild even though we may have a separate structure for officers.
(This is to combat the notion that 1 person is the benevolent dictator {i.e. GM}. We have a council of 3 Founders. If 2 disagree, I act as the tie-breaker as the "GM". Generally speaking, we don't disagree, but we can.)
I have a separate tier of "officers" in the context that most guilds use them today. These do my guild recruiting, raid leading, and class officer roles that most guilds have today. However, I do not grant them the ability to remove individuals from the guild nor would I.
This is a way of decentralizing power but also not providing a scenario where officers might disagree and act against each other intentionally or otherwise. They should be able to discuss this as a group and make the recommendation to the Founders. As a rule, I tend to let the two Founders handle those disputes (we really don't see any, but that's why the structure is there). I know both of the other Founders in person and I trust both implicitly, so it is a simple phone call or text from either of them to get my opinion if a tie should result.
In this context, as a person who has drafted security policies in a past architect role and as a current Operations Manager role, I am disinclined to give ranks permissions that I do not want them to have. It was granularly set in this fashion for a very good reason - and it is a technical control to help ensure that officers in my guild can't act on a whim.
While my vetting process is actually pretty good, it isn't perfect as nothing can be perfect. You're removing my ability to set practical guild permissions for the sake of simplifying the experience. I don't mind if there's a "simple" mode for folks who don't want to manage it, but give me an "advanced" mode so that folks who want to manage those things can.
07/24/2018 07:32 PMPosted by Calathiel07/24/2018 05:39 PMPosted by GruuhrAlso, guild chat hangs around forever. New guild members can see what was posted in guild chat prior to them joining. Also, officers can view messages posted in officer chat prior to their promotion.
This is not a good idea.
Huh, didn't even notice this was a possible thing - thanks for pointing that out! :) I'm sure a lot of guild leaders will like that tidbit of information.
Along with that, it probably should be changed.
07/24/2018 07:48 PMPosted by Mizbehaving07/24/2018 06:30 PMPosted by AngosiaI'm going to argue against Blizzard in the case of the guild control changes but not in the context most are presently doing.
As Blizzard's security staff knows, when doing role-based access control permissions (and/or profiles), the principle of "Least Privilege" applies. This, in lay terms, means "Only what permissions are required to do the necessary tasks for that job role".
In this context, I am not comfortable granting a person who I did not designate an officer to have all officer permissions. Nor do I necessarily want to grant an officer all of the current permissions. In my guild hierarchy, the structure only allows 3 people to invite to the guild AND remove from the guild even though we may have a separate structure for officers.
(This is to combat the notion that 1 person is the benevolent dictator {i.e. GM}. We have a council of 3 Founders. If 2 disagree, I act as the tie-breaker as the "GM". Generally speaking, we don't disagree, but we can.)
I have a separate tier of "officers" in the context that most guilds use them today. These do my guild recruiting, raid leading, and class officer roles that most guilds have today. However, I do not grant them the ability to remove individuals from the guild nor would I.
This is a way of decentralizing power but also not providing a scenario where officers might disagree and act against each other intentionally or otherwise. They should be able to discuss this as a group and make the recommendation to the Founders. As a rule, I tend to let the two Founders handle those disputes (we really don't see any, but that's why the structure is there). I know both of the other Founders in person and I trust both implicitly, so it is a simple phone call or text from either of them to get my opinion if a tie should result.
In this context, as a person who has drafted security policies in a past architect role and as a current Operations Manager role, I am disinclined to give ranks permissions that I do not want them to have. It was granularly set in this fashion for a very good reason - and it is a technical control to help ensure that officers in my guild can't act on a whim.
While my vetting process is actually pretty good, it isn't perfect as nothing can be perfect. You're removing my ability to set practical guild permissions for the sake of simplifying the experience. I don't mind if there's a "simple" mode for folks who don't want to manage it, but give me an "advanced" mode so that folks who want to manage those things can.
07/24/2018 07:05 PMPosted by AngosiaIt's the same things companies do now: You choose to have less security for the less hassle upfront, but the security folks know on the back-end that it creates a mound of issues later on... OR, you can take more time to set it up the right way at the start and have less changing to do later on with a clearly defined access control policy and technical controls to enforce the aforementioned policy.
07/24/2018 07:52 PMPosted by CarthorinnYeah and if you delete the message it sticks out like a sore thumb like "Carhorinn deleted this message" so even if you do it for damage control people still go WTF is with the deleted messages LOL