At times we have community members who are contributing to projects or areas that require access to private repositories or systems that are not typically available to community members. Access can be granted on a case-by-case basis when:

• The contributor is a trusted, long-standing member of the community.

• They are not being given access to production systems.

• The system's division head and Security Operations approves.

• The contributor has signed Mattermost's Non-Disclosure Agreement.

Getting approval

1. Use the following template to send an email to the division head. It may make sense to give them a heads-up via community.mattermost.com first. Make sure to cc security-ops@mattermost.com and anyone else you consider relevant.

Subject: Request for Community Member Access - <contributor-name>

Hi <division-head-name>,

I would like to request access to <system> for <contributor-name>. They will require <permissions-they-need>.

The justification for this expanded access is <justification>.

<contributor-name> has been a reliable part of the community for <length-of-time> and is trusted.

Thanks,

<your-name>

2. Wait for the division head and Security Operations to approve via email.

3. Ask the community member to sign the standard Mattermost NDA (link for process needed).

4. Once the NDA signing process is complete, access can be given. The division head can help with getting access granted.