User:Doctree/sandbox/Revised Guide 2013

The Account Creation Interface is an application software that is used to facilitate account creation requests on the English Wikipedia. It is hosted on the Wikimedia Toolserver. This guide describes accepted practices in handling requests that are submitted to the tool. Users who wish to participate in this process must apply for access pursuant to the required qualifications that are listed in this guide. New interface users should read this page thoroughly and experienced users should periodically check for updates.

Registering for use
To use the interface to handle requests, you must register here and complete your registration by leaving a signed edit with a link to your identification diff from the Identification noticeboard on your Wikipedia user talk page confirming that you wish to sign up. Your account must be approved by a tool administrator and if approved, you will receive a notice usually on your talk page. If you are declined, you will receive an email explaining why.

Notes, terminology, and requirements

 * Interface administrators (herein referred to as tool administrators or administrators) are not the same as Wikipedia administrators (herein referred to as sysops). Most Wikipedia sysops are not tool administrators.
 * Tool accounts unused for 45 days will likely be suspended. Contact a tool admin to regain access.
 * Despite the similar names, you do not need the "account creator" right to use the account creation interface. This is an entirely separate permission from being granted access to the interface itself. Your rights as a regular Wikipedia editor are sufficient to create accounts in normal situations. After gaining experience using the account creation interface, you may wish to apply for the "account creator" right which lets you handle more complex cases and override certain limits.

Qualifications for using the interface
To qualify as an ACC user, you must meet the following minimum requirements: This list is not exhaustive, but are the primary reasons tool admins consider when looking at a request for an account.
 * You MUST be identified to the Wikimedia Foundation before access to the interface is granted
 * You have a clean block log or if you have had a block it must not be recently placed (preferably not within 6+ months, depending on length of block)
 * You need a valid email address that you actively watch. (Signup: here) Tool policy change notices are sent out this way, and you are responsible for keeping up with them.
 * You have no history of abuse. Users with a history of account-related abuse — such as sockpuppetry — will be denied access to the tool
 * You have no active or recent editing restrictions or had disciplinary action enacted upon yourself, such as Arbitration Committee sanctions and editing restrictions
 * You MUST have read, understood and agreed with the ACC guidelines
 * Your account on Wikipedia must be at least 6 months old and have at least 1500 edits.
 * You have a solid grasp of Wikipedia's policies and guidelines and show yourself to be a knowledgeable user
 * You have a clear understanding of and agree to abide by the Wikimedia Foundation's privacy policy
 * You need to be able to accept/acknowledge constructive criticism
 * You must only use one account and not apply for a new one.
 * You need to wait a reasonable amount of time before appealing an account decline or suspension decision. Also excessive appeal requests without taking enough time to properly consider and address the original deny reason will not be considered.

Finally, the acceptance of requests are subject to the opinions of tool administrators based on the demonstrated trustworthiness, competence of the candidate, and the apparent need for more users.

Interface documentation
After logging in, you will see the main interface — see screenshot below — which displays a list of open requests, requests needing account creator attention, a list of requests needing CheckUser attention, and a list of the last five closed requests. After you mark a request as being handled, each open request or request needing account creator attention or CheckUser attention will have a string of links, like this:

Zoom (CMT) [ Address@website.com ( 2 ) | 127.0.0.1 ( 100 ) ] WikipediaAccount | Ban: IP — E-Mail — Name

Please remember that account creating is not a race! The requests that end up in the ACC interface are accounts which couldn't have been created under normal circumstances. Please keep this in mind and react thoughtfully. It happens sometimes that one is in the middle of a situation and one doesn't know what action to take. Just ask in the ACC IRC Channel for help in situations such as these:. There are always other interface users online who are willing to assist you. In case you do not get a satisfactory response, and do not know which course to undertake, it is better to defer the request to other users rather than to undertake a wrong course of action. If you ask for help, you will need to provide (to non-admin users) the link shown on the 'zoom' page to the other user to allow them to see the private data.

Please note: If you seem to 'rush' through a request (for example, by not performing all the checks listed below), you may lose access to the tool. It is essential that all the checks are performed to ensure that accounts are correctly created or declined.



In the header of every page, there are a number of links:
 * Top links
 * Account Requests: returns you to the request queue
 * Logs: shows recent activity
 * Users: shows all users with access to the tool
 * Ban management: shows all active bans
 * Message management: shows the current interface messages:
 * Mail Messages which are sent to the requester when the request is closed
 * Public Interface messages which are messages that people can see when submitting their requests for an account
 * Internal Interface messages which are messages that the users of the interface see when using the interface


 * User management: (admins only) where interface users can be approved, blocked, promoted to admins or demoted to users
 * Template management: shows which welcome templates are available, a preview, as well as (admins only) adding, removing, and editing templates
 * Search: allows a search of the ACC logs (not Wikipedia's creation logs)
 * by email address
 * by IP address (admins only)
 * by requested username
 * A wildcard is automatically added to each end of the search query.


 * Statistics: shows statistics about the ACC tool and the users of the tool
 * Preferences: allows you to change your settings:
 * Your signature (wikicode)
 * Your Email address
 * Email signature
 * Enable use of the secure server
 * Don't ask to double check before closing requests (requires Javascript)
 * You can also change your password on this screen


 * Guide: Opens this guide
 * Chat: Join the IRC chatroom

The IP Address links group contains the following links:
 * IP Address links
 * Talk Page links to the IP's talk page
 * Local Contributions links to the IP's contributions on the English Wikipedia
 * Deleted Edits link to edit counter showing deleted edits
 * Global Contributions links to the IP's contributions across all Wikimedia projects
 * Local Blocks links to the IP's block log on the English Wikipedia
 * Local Range Blocks checks for any applicable IP-range blocks on the English Wikipedia
 * Global Blocks links to the IP's global block log on Meta
 * Global Range Blocks checks for any applicable global IP-range blocks or locally disabled global blocks
 * Whois runs a WHOIS on the IP
 * Geolocate Geolocates the IP
 * Abuse Filter Log shows all actions from the IP that tripped an Edit Filter
 * SIL runs a WHOIS, DNSBL, and Tor check on the IP, with a report of any active local/global blocks and the IP's local block log

This section could take three forms, just a plain list of links if the request was made directly to the tool (almost never the case on the Toolserver), or it could have come via a proxy or a set of proxies. For more information on how to interpret these, see this page.

The User name links group contains the following:
 * User name links
 * User page: A link to the user page of the requested account
 * Creation log: A link to check the creation logs of the requested account
 * SUL: A link to check the existence of the requested user name on other Wikimedia projects
 * alt: Hersfold's alternative SUL utility
 * Special:CentralAuth: A link to MediaWiki's global user manager
 * Username list: A link to the user list to check for similar account names
 * Google search: A link to Google, which searches occurrences of the requested account name on Google's search index

You should also check the username. Remember to keep username policy in mind when reviewing a name. Always do a Google search to see if it is the name of a company or organization, which may be considered promotional, indicate a conflict of interest and a violation of Username Policy. If the name is ambiguous, then you should take where the requester's IP Address geolocates to in relation to the relevant company, the requester's email address and the requester's comment into consideration. It is also important to check whether the requested username made any contributions on other Wikimedia Projects. This way you could see whether the requested name forms part of a global account or unified login — if so the account should not be created. When you are pleased with the request you can click the Create! link to create the account.

The Account creation link group contains the following:
 * Account creation link
 * Create!: A link to create the requested account

The Actions group contains the possible resolutions that can be given to a request:
 * Actions
 * Created! if you were able to create the account
 * Similar if it is too similar — see below for details
 * Taken if the username was already taken (but if the username was created a very short while after the request — for example a few minutes after — then you can assume that it is the same user, and Drop the request instead)
 * SUL Taken if the username is already a part of a SUL account
 * UPolicy if the requested username violates the username policy
 * Invalid if it contains bad characters—such as  # / | [ ] { } < > @ % :, or double spaces between names. Do not use this for usernames with non-Latin characters as these are allowed. Also note that in some cases bugs in the tool may replace certain non-Latin characters in a username with invalid characters when filling in the username field on Special:Userlogin. In such cases it is recommended that you attempt to manually copy and paste the name as it appears in the ACC interface into the username field.
 * Password Reset if you have sent a password reset email to a similar username, because it was created recently and appears to belong to the requestor. Note that if it was created very recently (e.g. a few minutes after request) you can assume that the requester managed to create it and Drop the request.
 * Custom close the request and send a custom email to the user
 * Drop if the request is a bad request—for example a ban accompanies a drop, see below

The 'Defer' group allows you to send the request for the attention of a normal user, flagged user, or a checkuser.


 * Defer to flagged users if a user with the accountcreator permission needs to handle the request
 * Defer to checkusers if the request needs to be checked by a checkuser before continuing (this includes any IP Address in a blocked range, regardless of the reason or who placed it)

The SUL Taken option should be used when the requested name is part of a unified login—such as described in the previous section. If the username is similar to that of somebody on another wiki then the Similar option should be used, and if the username is the same as somebody on another wiki then Taken should be used.

When none of the above options describes the particular situation, you should use the Custom option. You would then be prompted for a custom email message that would be sent to the requester. The message you write will form the entire content of the email to the user; don't forget to sign your message with an adequate name.

Note: All of these links perform an action on the request and do not link to the relevant policy. All resolutions except the Defer and Drop resolutions send an e-mail to the requester indicating what has happened to the request. If the request was already closed or deferred to account creators, then the Defer to account creators link becomes Defer to users, which returns it to the main queue.

The Ban links group is only available to the tool administrators and contains the following three ban links:
 * Ban links
 * One for banning the IP address.
 * One to ban the E-Mail address.
 * One to ban the requested account name.

This group is located on the same line as the Email, IP Address, Username, and reservation information.

Tool administrators can change other users' access to the interface via User management. Available options—which vary based on the target user's status, are as follows:
 * Access
 * Approve — This allows newly-registered users to log in and use the interface.
 * Count — Checks the edit count of users needing approval.
 * Promote — Makes an approved user a tool administrator.
 * Demote — Makes a tool administrator a regular user.
 * Suspend — The equivalent of a block on Wikipedia. It is issued by a tool administrator and prevents the target user from logging in.
 * Unsuspend — The equivalent of unblocking someone. Undoes suspension and allows the user to resume using the interface.
 * Edit — Edit a user's email address and on-wiki username.
 * Rename — Rename a user's interface account.

An example user readout looks like this:

5. [ FastLizard4 / FastLizard4 ] Suspend! - Demote! (Promoted by Rjd0060 [P:6|S:3|A:21|Dm:0|D:2] )

The number really doesn't mean much, but the first name is the user's name on the interface. The second displays and links to the user's username on Wikipedia. The two links in blue are described above, the text in black indicates who approved/suspended/promoted the target user. The text in purple is the statistics for that admin being described in the particular entry—not the promoting admin. P is the number of promotions, S is the number of suspensions, A is the number of approvals, Dm is the number of demotions, and D is the number of accounts declined. As such, the purple statistics only appear for tool administrators.

Before adding a template, please check that it takes a signature as a parameter, or not at all. This is to prevent the bot signing as itself, rather than the person who created the account. Also, please add the template to the list here, so should the template appear at TfD or something and gets deleted, such as what happened here, it is actually shown as used.
 * Template management

The Last 5 Closed requests queue displays just that, the last five closed requests. Clicking Zoom brings you to the username's interface log. Clicking on the username brings you to that user's userpage, and Reset defers the request to users. Keep in mind that the email and IP addresses of closed requests is not visible.
 * Last 5 Closed requests

There is another section at the end, which is designed to prevent people from racing through requests just to make sure they review the request properly. This is called request reservations, where you can mark a request as being handled, so other users can see you are dealing with that request. The tool will not allow you to handle a request which has been reserved by another user.
 * Request reservation

Requests will be automatically unreserved when you close them, but there is nothing stopping you from marking a closed request as being handled. All currently reserved requests will show up on one of the statistics pages, accessible by clicking the Statistics link at the top of the page. The tool is currently set to warn users if they attempt to reserve more than 1 request. This is to attempt to discourage people from hogging lots of requests all at once. When you reserve a request, it will automatically take you to the zoom screen, to help focus you on that one request.

Personally identifying information

 * The ACC tool contains personally identifying information and is subject to the privacy policy. It can not be shared outside of the interface. Users who do violate this rule, risk indefinite suspension, and possibility of their identified status being revoked. Please see this email for more details.
 * Users may not post personally identifying information in the comments of a request, would not be following the Data retention policy. For example but not limited to: IP addresses, email addresses, real names, and excessive information about a block that could allow the IP to be found in the block log. Any violations of this rule will result in suspensions. See this email for more information.

Reservations

 * If you reserve a request and then need to go offline without completing the request, please break the reservation beforehand, so that another user can complete the request, unless you have good reason to require the request to be handled by yourself, in which case you must leave a comment. If you do not do this, the request will remain reserved and cannot be created by other users; a tool admin may forcefully break the reservation if you have left no indication as to why you need to keep the request reserved.

Script usage

 * Using a script or other program to automatically handle requests in any way (includes reserving) is not taken lightly and will probably result in account suspension. Using an automated refresher, however, is generally OK, as long as the refresh time is considerate to the toolserver's resources (at most once a minute). Remember there is a live feed of requests on IRC, this may be a better place to watch than the interface.

IP blocks and IP rangeblocks
Please see this email sent to the mailing list which details what do with requests which have active blocks affecting them.
 * If there is ANY rangeblock on the requesting IP or any indication of sockpuppetry, defer the request to CheckUsers. Users creating accounts in such cases without consulting a CheckUser will be suspended. There are exceptions to this:
 * If you placed the block yourself and you are sure the requester is not the block target;
 * Rangeblocks on Opera Mini ranges placed solely because it's an Opera Mini range;
 * Blocks which expressly ask ACC users to ignore the block;
 * Single IP blocks or rangeblocks affecting schools can be ignored only if the block is for vandalism, an anonblock, or schoolblock and the block is older than 1 week as it's likely they are collateral damage or CU is unable to tell and AGF would apply.
 * If you are uncertain or there are checkuser-related reasons for the block, defer it to CheckUsers.


 * When deferring a request to CheckUsers, please include a brief statement on the reason for deferral, this is especially the case if you are ignoring a part of the guide (such as deferring an older schoolblock, tell the CUs why you are deferring). Examples of deferral reasons include "single IP anonblock", "rangeblock for long term abuse", "similar account blocked for sockpuppetry", "see IP's talk page". Do not leave a comment that could allow someone to determine the IP (range) from the block log (for example avoid, admin names, exact dates, usernames as part of block reason). This is be considered to be releasing personally identifying information and be dealt with accordingly.
 * All Single IP blocks for vandalism and anonblock can be ignored if they are older than 1 week. If users feel the IP is static they may defer it to CheckUsers if the block is older than 1 week.
 * If there are other reasons to decline a rangeblocked (or single IP blocked) request such as a username policy violation, then decline it for this reason. That also means that even after seeing the range block you should run the other checks.
 * If the Whois determines that the IP belongs to AOL, then the IP address is not the correct IP address for that user; we have no way of finding the actual IP address.
 * If you have a request that you are going to decline or drop due to a single IP block, you need:
 * To be 100% sure that you are correct that this is the only person on the IP.
 * Using tools such as whatismyipaddress.com to find out if the IP is static or not is not sufficient on its own to determine this.
 * Approval from a CheckUser or tool admin (except where there is sockpuppetry involved) which is documented on the tool, before you carry out any action.
 * If you do not have either of these, then defer it to CU, even if it's already been there.
 * Open or anonymizing proxies, web hosts and Tor exit nodes. Blocks due to the IP or range being an open or anonymizing proxy, web host or Tor exit node (that is one of those reasons is given as the block reason) should be deferred to the proxy check queue unless you are capable of confirming that the block reason is still valid yourself. If the request's IP is confirmed to be an open proxy, the request should be custom closed with a message asking the requester to use a different IP address (see the example custom close below). If there is strong reason to believe that the IP is no longer an open proxy or web host a request should be made at WP:OP for the IP to be checked. Before making a request at WP:OP you should seek advice from an experienced ACC team member. Be extremely careful not to link the request at WP:OP to the ACC request as this would breach our privacy requirements and may get you suspended.

Hello and thank you for your interest in joining Wikipedia.

Looking at our logs, it appears the IP address you're requesting from belongs to a proxy or web hosting service. Open or anonymising proxies, including web hosts, are blocked from editing Wikipedia. While this may affect legitimate users, they are not the intended targets. No restrictions are placed on reading Wikipedia through an open or anonymous proxy.

Although Wikipedia encourages anyone in the world to contribute, open proxies are often used abusively. MediaWiki, the wiki software that powers Wikipedia, depends on IP addresses for administrator intervention against abuse, especially by anonymous users. Open proxies allow malicious users to rapidly change IP addresses, causing continuous disruption that cannot be stopped by administrators. Several such attacks have occurred on Wikimedia projects.

Unfortunately, you won't be able to edit while using this open proxy.

If you use a different IP address you may be able to create the account yourself at http://en.wikipedia.org/w/index.php?title=Special:Userlogin&type=signup. If so, I wish you all the best and hope you enjoy your time on Wikipedia. If you are still unable to create the account yourself, we will gladly process your new request here, and I look forward to hearing from you again.

<>


 * If you attempt to verify attributes of an IP address such as if it is shared, an open proxy, etc. on your own, you take full responsibility for your actions. If you make incorrect decisions without contacting a CheckUser first, you may be warned or suspended by a tool admin.

Real names relating to famous, popular, etc. persons

 * Where the requested username is a real name relating to famous, popular, etc. person the requester's identity needs to verified through the OTRS system. The standard in the username policy is that it the name or nickname has to relate to a "specific, identifiable" person. In terms of a test for ACC they should be notable enough to have a Wikipedia article however having an article doesn't necessarily mean that they are specific and identifiable and that there is a likelihood that someone is trying to impersonate them. If you believe that they are specific and identifiable and that them having the name may cause confusion, you will need to custom close the request letting them know that they need to email and verify their identity before you can continue with their request. If you aren't sure whether the above test is met, consult with a tool admin or experienced user, it is better to create the account in good faith (remembering that they can be blocked) then to send it to OTRS to deal with. Below is a sample email that should be used.

Hello and thank you for your interest in joining Wikipedia.

At this time, we can not create your account just yet as we are trying to prevent somebody from impersonating you (or impersonating someone you share a name with). You are welcome to use your real name, but you will need to prove you are who you say you are. You can do this by sending an e-mail to info-en@wikimedia.org and talking with our volunteers there. Be aware that e-mails are handled by a volunteer response team, and an immediate reply is not always possible. If the request sits for over a week, feel free to reply to this message and let us know it is taking a while, and we will try and speed up the process for you.

If this is not your name, you will need to edit under a different username, you may be able to create the account with the new username you have chosen yourself at https://en.wikipedia.org/wiki/Special:UserLogin/signup. If so, I wish you all the best and hope you enjoy your time on Wikipedia. If you are still unable to create the username yourself, we will gladly process your new request here.

<>

Promotional usernames

 * Requested usernames should only be declined as a username policy violation where it is clear that they are - remember to assume good faith. If you are in doubt, create the account and watch it, if it is engaging in promotional editing report to WP:UAA (as you would with any other promotional username and editing).

Checking for multiple requests

 * You should check for multiple requests from an IP address or an E-Mail address. To do so, click the Zoom button next to an open request or click the requested username in the list of last 5 closed requests, or go to the logs—see below and click a request number. At the end of the request line—like you see normally for all open requests, you will see the UTC date and time the request was submitted. Farther down the page you would also see a list of other requests—if any, from that IP address or E-Mail address. If there are multiple requests that are clearly from the same user, please ban the offender from sending requests to the tool. Please keep in mind that shared IP addresses are common. If you have multiple requests from the same IP address and the IP is static, defer to checkusers, if it's dynamic, assume good faith and create.

SUL

 * There is a bug which happens while creating an account: The SUL account is created, although it is not listed at the SUL util nor at Hersfold's Fake SUL tool. Please use Special:CentralAuth to check if the SUL account was created, but no local account. In this case leave a comment on the request explaining the situation and defer the request to on hold. The SUL account will delete itself after 24–48 hours and the account may be created.

Messages outside of the interface

 * If you need to make any form of a comment or question to the requester, either use the "Custom Close" button if you are immediately closing and need to explain something or email the user directly if you want the user to be able to respond to clarify something before you decide on how to close the request.
 * Make sure you carbon copy (CC) the mailing list on all emails related to ACC. If you believe the email should not be be sent to the ACC mailing list, or if it relates to the actions of tool users, you should carbon copy it to the tool administrators' mailing list,.
 * The mailing lists and IRC channel are relatively secure so personally identifying information may be discussed there. However, exercise good practice, if you don't need to share it don't - linking to a request is a good way to avoid discussing IP addresses and emails without naming them.
 * Releasing information from the tool, ACC or admins' mailing list, or ACC or admins' IRC channel outside of those places is an extremely serious matter and will get you indefinitely suspended. Also, the Foundation is takes the tool as about as serious as they do Special:CheckUser as our interface contains similar data available to tool users. Breaching this rule may result in the loss of identified status at meta and the inability to identify in the future. See this email for more information.

General notes

 * If the exact wording of the documentation prevents you from creating an account that you feel should be created, ignore it and leave a comment explaining why.
 * If your check of the "Creation log" shows that the user created the account themselves, just drop the request, as they don't need to be confused with any of our other messages. Please leave a comment saying they created the account themselves, so that other users know why you dropped the request.
 * The requesting user can not see any comments left in the request itself, all comments there will only be viewable by other tool users (or only administrators if you choose to mark the comment as "Admin Only"). Also see "personally identifying information" at the top of this section.
 * Please note on creates where there are no issues with the request such as vandalism, similar names, etc. there is no need to leave a comment like "Everything looks good with this request.".
 * If there is a comment on the request asking for, or suggesting, an action and you wish to do something different you must justify this in another comment. If the comment is from a tool admin or CheckUser acting in that position there must be another comment from a tool admin or CheckUser respectively authorizing you to ignore it. Discussion on IRC is not an excuse, it must be documented on the tool.

Creating accounts

 * Once you have reserved a request as above, and decided that the account should be created, click the Create! link next to the desired username. This will bring you to the MediaWiki account creation form. The name and email will be filled in automatically. Do not type in a password manually—simply click the By Email button and a randomly-generated one will be emailed to the user. If the By Email button isn't visible next to the Create Account button, you may need to login. If a message appears - stating the username is forbidden (example here), defer the request to an account creator who can override the MediaWiki:Titleblacklist. If you do accidentally type in a password and click Create Account, go to Special:Userlogin, type in the username and click Email new password. This will reveal your IP to the requester, so try to avoid doing this. Once the account has been created, click Created! next to the request on the ACC tool.

Custom closes

 * All custom closes should end with an Email signature. It is recommended that you add this to your preferences so it is automatically appended to any request closures you perform. If you do not, then you must add your signature at the end of your message every time you custom close a request.

Similar account names ("Flagged user needed")
Sometimes, Wikipedia will not allow you to create an account if the requested user name is (a) a perfect match of an existing global account or (b) too similar to an existing local account.

Perfect match

 * A perfect match is when the user name (including casing) is identical. If the requested account has a different casing (Apple versus APPLE), then defer to Too similar below.
 * As all user accounts are (becoming) globally unique, if the name exists on another wiki or in SUL already, don't create the account. (SUL taken and Similar may have to be reworded to reflect this change)

Too similar
In case of accounts that are 'too similar' to existing accounts, only ACC tool users with the account creator flag are able to create the account - only if the account the request is too similar to is inactive. ACC tool users without the account creator flag, though not allowed to create the too similar account requests, are allowed to decline requests (Similar, Taken, UPolicy...).

Inactive accounts are determined by the following qualities:
 * If the similar account has any edits on the English Wikipedia, then for it to be considered inactive, it must:
 * Have been created over one year ago. (accounts created before 2006 have no date in Wikipedias database and thus the SUL util doesn't state anything in that row and in Hersfold's Fake SUL it is marked as ERR, @ ::)
 * The username has fewer than the sum of about fifteen global edits, none of which were within the last year.
 * Last edit was made over one year ago.
 * Last entry in logs occurred over one year ago.


 * If the similar account has zero edits on the English Wikipedia:
 * The username must have fewer than the sum of about fifteen edits globally, none of which were within the last 6 months.
 * Be older than 6 months.

Based on the above rules, if the account the request is too similar to is active, then click Similar to close the request as too similar to an active account.

If the account the request is too similar to is inactive, you can go ahead and create the account, provided you are a flagged user, if not, you must break your reservation to allow a flagged user to create the account. Creating such an account should only be done after you have conducted all relevant checks required for any new account request. In order to create the account, you must check the "Ignore spoofing checks" box on the account creation page. This tells the MediaWiki software to ignore any similarity(ies) between the requested account and existing similar account(s), and thus allow the requested account to be created.

Tool administrators
Tool administrators (tool admins) are trusted users who can, among other things, edit interface messages—they can use the Edit! buttons in Message management and Template management, and have access to a fifth option invisible to other users, User management, which allows them to approve, promote, demote, and suspend users. However, abuse of these tools is not tolerated, and the interface is not a toy. Abuse will result in immediate loss of access and tools!

Interface developers
The interface developers are the team who have commit access to the tool, and as such can modify the latest development version of the tool in the code repository. If you want something to be changed or added, or find a bug, you can contact one of them, but it's probably better to file a bug in the bug-tracker on GitHub. You can see the current development team on this page: ~acc/team.php.

The tool roots are SQL (retired), Cobi, OverlordQ (currently inactive) , Stwalkerster and DeltaQuad. They have access to the server that runs the tool, and are the only people who can modify the configuration of the tool, and update the tool to a new version. The tool roots also act as the liaison between the toolserver administrators, and the rest of the tool users. The tool developers and roots reserve the rights to modify the tool as necessary, and to remove access to the tool for any reason as they see fit.

CheckUsers
CheckUsers on Wikipedia should have a flag set on their tool account that allows them to have access to CheckUser-only information from the tool. If you are a CheckUser and do not have the flag set on your tool account or are unsure if the flag is already set, please contact one of the tool roots (Cobi, Stwalkerster or DeltaQuad) and they will set the flag for you.