Difference between revisions of "Super Admin"

From Studentnet Wiki
Jump to navigation Jump to search
Line 8: Line 8:
 
*Give to limited users
 
*Give to limited users
 
*Must have MFA enabled for users with Super Admin role
 
*Must have MFA enabled for users with Super Admin role
 +
*Set roles with specific permissions for specific scenarios
  
 
===Do not use for daily use===
 
===Do not use for daily use===
Line 24: Line 25:
 
Since having a compromised Super Admin account would leave your entire school's dashboard vulnerable.  
 
Since having a compromised Super Admin account would leave your entire school's dashboard vulnerable.  
 
To reduce the risk of having a Super Admin account compromised, having MFA enabled adds an extra layer of security for the Super Admin account.
 
To reduce the risk of having a Super Admin account compromised, having MFA enabled adds an extra layer of security for the Super Admin account.
 +
 +
===Set roles with specific permissions for specific scenarios===
 +
To limit the use of Super Admin privilege, it is best to create roles that do a specific task. Such as specific role that only allows for the creation of users.
  
  
 
[[Category:Admin Roles]]
 
[[Category:Admin Roles]]

Revision as of 02:22, 4 February 2020

Super Admin

Super Admin is a special role in Admin role. Super Admin has full permissions for all users and features within the dashboard. The use of Super Admin should be used or given with careful consideration.

Some best practices for using/giving Super Admin privileges:

  • Do not use Super Admin for daily use
  • Super Admins must have a separate account for daily use
  • Give to limited users
  • Must have MFA enabled for users with Super Admin role
  • Set roles with specific permissions for specific scenarios

Do not use for daily use

Super Admin accounts should not be used for daily use, Super Admin accounts should only be used when specific task requiring Super Admin privileges are required. This is to reduce the risk of accidental changes that may occur with daily usage of an administrator account.

Super Admins should have a separate account for daily use

Since Super Admin accounts should not be used for daily use, a Non-Super Admin account should be created for daily use. This limits the risk of accidental changes that may occur with daily use of an administrator account.

Give to limited users

Due to the nature of the Super Admin role, it is best to give the Super Admin privileges to a select few users. This reduces the number of potential breaches for your school's dashboard.

Must have MFA enabled for users with Super Admin role

Since having a compromised Super Admin account would leave your entire school's dashboard vulnerable. To reduce the risk of having a Super Admin account compromised, having MFA enabled adds an extra layer of security for the Super Admin account.

Set roles with specific permissions for specific scenarios

To limit the use of Super Admin privilege, it is best to create roles that do a specific task. Such as specific role that only allows for the creation of users.