Evaluate who can access `admin`

[sunnyclimber456]

Currently, anyone with a guardian.co.uk google login can access the admin app ¹².

Given that the admin app exposes features and settings which can have unintended consequences, it might be worth

1. Defining which Google groups should have access to admin
2. Restricting certain routes to a subset of those groups

The motivation for this was raised by @SiAdcock

Footnotes

1. https://github.com/guardian/frontend/blob/1567b3aa951cb707b04f106ba64e07fb3ddea628/common/app/conf/GoogleAuth.scala#L42 ↩

2. https://github.com/guardian/frontend/pull/24805 ↩

[SiAdcock]

Thanks for starting this conversation @georgeblahblah

Use case 1: Currently, anyone can edit our ads.txt. This has implications for:

• carbon footprint: more hops means greater energy use. We're also doing a lot of work to reduce this with Scope3 working with our sustainability team .
• revenue: we might redirect spend from our partners for whom we have lower fees, to others we have no direct relationship with, which could impact our longer term sales strategy.
• trade marketing/bad publicity: ads.txt files are often files on every website that carries advertising. These files are tracked across the industry, and are used to compare "good" sites vs "bad" (made for advertising) sites. The larger the list the typically lower quality the sites are.
• IAB Gold Standard 2.0: As part of our accreditation we needed to update our ads.txt file to the new version, and also show progress in vetting our partners. Changes that are not fully considered could impact our accreditation which we speak about widely in the market.

Use case 2: Currently, anyone can disable commercial third party integrations via the switchboard. The consequences of doing this are difficult to imagine. It's hoped that only people well-versed in these integrations and their relative importance would consider doing this, but at the moment there is no way of enforcing this.