|This page in a nutshell: Interface administrators are highly trusted users able to edit all CSS/JS/JSON pages, gadgets, and MediaWiki messages.|
The ability to edit CSS/JS that is executed in other users' browsers is very powerful and extremely dangerous in the hands of a malicious user; interface administrators should be users who are highly trusted, have at least a basic understanding of CSS and JS, are aware of the privacy expectations of Wikimedia wikis, and have a decent understanding of how to secure their accounts (such as choosing strong and unique passwords and avoiding malware infection). The WMF Office requires all interface administrators to use two-factor authentication.
There are currently 13 interface administrators. If you need assistance from an interface administrator, you can make a request at the Interface administrators' noticeboard. Note there is a similiar global group, who may use their access subject to the global rights policy.
Process for requesting
- Venue: Wikipedia:Bureaucrats' noticeboard
- Process: Admin makes a request, with a rationale, at the bureaucrats’ noticeboard, to request interface administrator access. The request will remain open for 48 hours for first-time requests. Re-admin requests, not under a cloud, will not have a waiting period. No notice at other noticeboards is required. Bureaucrats may inquire about why admins are requesting access at their discretion. Editors may discuss the applicant, but the final decision rests with the reviewing bureaucrat.
- Duration of right: Permanent by default, can be temporary if requested.
Removal of permissions
Permission should be removed by bureaucrats in the following circumstances:
- Interface administrators who have made no edits or other logged action for at least 2 months or who have made no edits using the permission for at least 6 months should have the user right removed.
- Voluntary request by the interface administrator at the bureaucrats' noticeboard.
- After misuse of the access by consensus (e.g. at Wikipedia:Administrators' noticeboard).
- Upon removal of administrator access, for any reason.
- By request of the Arbitration Committee.
Any bot operator requesting access for their bot(s) must possess the user right permanently themselves.
All bot operators are required to enable 2FA for their bot accounts, create a strong account password, and are strongly urged to use OAuth for maximum security. Bureaucrats, and BAG, may ask bot operators to enforce these security measures at their discretion.
While interface administrators have full abilities with all CSS, JS, and JSON pages that are located in the MediaWiki namespace or within the user space of other editors, administrators that are not interface administrators have the ability to view and delete those pages only. They also cannot view the deleted history of CSS, JS, or JSON pages in those areas (even if they were the user that deleted it), nor can they restore any deleted revisions of those pages.
|View deleted history||No||No||Yes|
- Sitewide pages, such as MediaWiki:Common.js or MediaWiki:Vector.css, or the gadget pages listed on Special:Gadgets, and other user's subpages
- Any administrator can edit other pages in the MediaWiki namespace and all JSON pages.
- All registered users may edit their own personal js/css/json pages as used by Wikipedia:User scripts.
- WMF 2FA requirement as published on metawiki.
- Limited to administrators in this September 2018 RfC
- Limited to administrators in this October 2018 RfC
- This process was approved in this RfC.