1. Title the issue Full Name, System(s), Role using the details of the person requesting access information. If bulk access is being requested then Bulk Access, System(s), Role

Step 1. Personal Information

1. Personal Information: Please provide a list of people who are requesting access. Include the relevant information.
2. SSH Keys: Add the public ssh key only if needed for the type of access being requested.

Step 2. Access Request

1. Remove or add lines for the systems you need access to. Make sure to follow the format from the template (also included below). Be as specific as possible with the access you are requesting by adding the role, vault, group, channel or project you are requesting access to.
2. If administrative access is being granted, add the label admin-access. Request the least amount of access you need as per the least privilege review and explain why you need access in the rationale section.
3. If the request involves access to systems owned by the Infrastructure team (according to the tech stack, mention @gitlab-com/gl-infra/managers and ask them to approve by adding the ~InfrastructureApproved label.

- [ ] System name: Which vault, which group, which channel, which project, which role?
    - Justification for this access: Please explain why this access is needed.

Step 3: Assign to Manager for approval

1. If you are a manager requesting access for one of your reports, please skip to step 4.
2. Add the label AR-Approval::Needs Manager Approval to the issue.
3. Assign the issue to your manager. When access is being requested for multiple people who report to different managers but are part of the same department or division, approval can be obtained by the manager at the highest level; that is, the Director, Vice President, or Executive of the department or division.

Step 4: Managers to do

1. If you are the manager of this person, add the labels AR-Approval::Manager Approved and ReadyForProvisioning to the issue; if you are the one asking for access, then you have to assign to your manager for approval and they must add the labels AR-Approval::Manager Approved and ready for provisioning.
2. After approval, then YOU MUST assign the issue to the system provisioner listed in the tech stack.

Step 5: Provisioners to do

1. Before provisioning, consider that team members should only be granted the minimum necessary access to perform their function. Determine whether the access level is necessary or if a lower access level would be sufficient.
2. If the access level is adequate proceed with provisioning the account after verifying the AR-Approval::Manager Approved label is present.
3. Under step 2, please check off the system you provisioned.
4. If administrative access is being granted, add the label admin-access to this request so Security Operations knows who has admin access.
   • If admin access is being granted to GitLab.com ensure the user is added to the GitLab Instance Administrators group
   • Inform the user 2fa is required and they will be locked out if it is not immediately setup

Prior to submitting this Issue Request

1. Please review our Access Control Policy and Procedures to ensure that your request is in line with GitLab's policies and procedures. If after review you feel that a shared account is still needed, complete submit the issue using the template. Note that systems with PCI data is not allowed shared accounts.
2. Please note that shared account request(s) will need to be reviewed and approved by IT Ops and the listed Tech Stack Owner. An Exception Request will need to be logged for each user you are requesting to be added. Note that with an Exception Request the maximum exception length is 90 days (365 days for device exceptions only). After the Exception Length, you will be required to submit another Exception Request for review and approval.If the exception request is not logged, reviewed, and approved for an extension, note that the Shared Account will be disabled. Please refer to our Information Security Policy Exception handbook page for more information.

Instructions on how to submit this issue request

1. Title issue "Shared Account Request, Role, System(s)" using your information.
2. Fill out the User Details section and remove or add lines as needed.
3. Add lines for the system(s) you need access to so only the ones you want are left in the issue. Do not check them off.
   • Request the least amount of access you need as per the least privilege review and explain why you need access in the rationale section and name the role you are requesting. Be specific.
4. If you are the manager of this person, add the labels AR-Approval::Manager Approved and ready for provisioning to the issue; if you are the one asking for access, then you have to assign to your manager for approval and they must add the labels AR-Approval::Manager Approved and ready for provisioning.
5. After approval, then YOU MUST assign the issue to the system provisioner listed in the tech stack.
6. Close the issue when it's complete.

1. Title issue "Full Name - System - Role" (ex: Laura Croft Google Group: adventurer)
2. Remove or add rows for the access you need.
3. Assign to your manager to get approval by label if this request is for (they must apply labels AR-Approval::Manager Approved and ReadyForProvisioning:
   • access to a 1Password vault or group
   • admin access
   • access to a slack group for a non-internal person, including shared Slack channels
   • Please note if a non-internal person has been removed from a slack channel and is requesting access again they will need a new access request and manager approval
4. Close the issue when it's complete.

1. Title the issue Full Previous Name to Full New Name - Name Change Request.
2. Please complete all applicable sections as described in the issue template.

1. Data
2. Finance
3. Infra
4. IT
5. Legal
6. PeopleOPs
7. Prod+Eng
8. Marketing
9. Sales
10. Security
11. Support