Difference between revisions of "Super Admin"

From Studentnet Wiki
Jump to navigation Jump to search
Line 18: Line 18:
 
===Super Admins must have a separate account for daily use===
 
===Super Admins must have a separate account for daily use===
 
Since Super Admin accounts must not be used for daily use, a Non-Super Admin account should be created for daily use.
 
Since Super Admin accounts must not be used for daily use, a Non-Super Admin account should be created for daily use.
 +
 +
Only use the Super Admin accounts for the required task then log out of the Super Admin account.
  
 
This limits the risk of accidental changes that may occur with daily use of an administrator account.
 
This limits the risk of accidental changes that may occur with daily use of an administrator account.
 +
 +
As well as limit the chance of phishing attacks.
  
 
===Give to limited users===
 
===Give to limited users===

Revision as of 02:45, 4 February 2020

Super Admin

Super Admin is a special role in Admin role. Super Admin has full permissions for all users and features within the dashboard.

The use of Super Admin should be used or given with careful consideration.

Some best practices for using/giving Super Admin privileges:

  • Do not use Super Admin for daily use
  • Super Admins must have a separate account for daily use
  • Give to limited users
  • Must have MFA enabled for users with Super Admin role
  • Set roles with specific permissions for specific scenarios

Do not use Super Admin for daily use

Super Admin accounts should not be used for daily use, Super Admin accounts should only be used when specific task requiring Super Admin privileges are required.

This is to reduce the risk of accidental changes that may occur with daily usage of an administrator account.

Super Admins must have a separate account for daily use

Since Super Admin accounts must not be used for daily use, a Non-Super Admin account should be created for daily use.

Only use the Super Admin accounts for the required task then log out of the Super Admin account.

This limits the risk of accidental changes that may occur with daily use of an administrator account.

As well as limit the chance of phishing attacks.

Give to limited users

Due to the nature of the Super Admin role, it is best to give the Super Admin privileges to a select few users.

This reduces the number of potential breaches for your school's dashboard.

Must have MFA enabled for users with Super Admin role

Since having a compromised Super Admin account would leave your entire school's dashboard vulnerable.

To reduce the risk of having a Super Admin account compromised, having MFA enabled adds an extra layer of security for the Super Admin account.

Set roles with specific permissions for specific scenarios

To limit the use of Super Admin privilege, it is best to create roles that do a specific task.

Such as specific role that only allows for the creation of users.

This limits the chances of users making unauthorised changes.