Difference between revisions of "Super Admin"
| Line 1: | Line 1: | ||
==Super Admin== | ==Super Admin== | ||
Super Admin is a special role in Admin role. Super Admin has full permissions for all users and features within the dashboard. | Super Admin is a special role in Admin role. Super Admin has full permissions for all users and features within the dashboard. | ||
| + | |||
The use of Super Admin should be used or given with careful consideration. | The use of Super Admin should be used or given with careful consideration. | ||
| Line 12: | Line 13: | ||
===Do not use for daily use=== | ===Do not use for daily use=== | ||
Super Admin accounts should not be used for daily use, Super Admin accounts should only be used when specific task requiring Super Admin privileges are required. | Super Admin accounts should not be used for daily use, Super Admin accounts should only be used when specific task requiring Super Admin privileges are required. | ||
| + | |||
This is to reduce the risk of accidental changes that may occur with daily usage of an administrator account. | This is to reduce the risk of accidental changes that may occur with daily usage of an administrator account. | ||
===Super Admins should have a separate account for daily use=== | ===Super Admins should have a separate account for daily use=== | ||
Since Super Admin accounts should not be used for daily use, a Non-Super Admin account should be created for daily use. | Since Super Admin accounts should not be used for daily use, a Non-Super Admin account should be created for daily use. | ||
| + | |||
This limits the risk of accidental changes that may occur with daily use of an administrator account. | This limits the risk of accidental changes that may occur with daily use of an administrator account. | ||
===Give to limited users=== | ===Give to limited users=== | ||
Due to the nature of the Super Admin role, it is best to give the Super Admin privileges to a select few users. | Due to the nature of the Super Admin role, it is best to give the Super Admin privileges to a select few users. | ||
| + | |||
This reduces the number of potential breaches for your school's dashboard. | This reduces the number of potential breaches for your school's dashboard. | ||
===Must have MFA enabled for users with Super Admin role=== | ===Must have MFA enabled for users with Super Admin role=== | ||
Since having a compromised Super Admin account would leave your entire school's dashboard vulnerable. | Since having a compromised Super Admin account would leave your entire school's dashboard vulnerable. | ||
| + | |||
To reduce the risk of having a Super Admin account compromised, having MFA enabled adds an extra layer of security for the Super Admin account. | To reduce the risk of having a Super Admin account compromised, having MFA enabled adds an extra layer of security for the Super Admin account. | ||
===Set roles with specific permissions for specific scenarios=== | ===Set roles with specific permissions for specific scenarios=== | ||
| − | To limit the use of Super Admin privilege, it is best to create roles that do a specific task. Such as specific role that only allows for the creation of users. | + | To limit the use of Super Admin privilege, it is best to create roles that do a specific task. |
| + | |||
| + | Such as specific role that only allows for the creation of users. | ||
This limits the chances of users making unauthorised changes. | This limits the chances of users making unauthorised changes. | ||
[[Category:Admin Roles]] | [[Category:Admin Roles]] | ||
Revision as of 02:28, 4 February 2020
Contents
Super Admin
Super Admin is a special role in Admin role. Super Admin has full permissions for all users and features within the dashboard.
The use of Super Admin should be used or given with careful consideration.
Some best practices for using/giving Super Admin privileges:
- Do not use Super Admin for daily use
- Super Admins must have a separate account for daily use
- Give to limited users
- Must have MFA enabled for users with Super Admin role
- Set roles with specific permissions for specific scenarios
Do not use for daily use
Super Admin accounts should not be used for daily use, Super Admin accounts should only be used when specific task requiring Super Admin privileges are required.
This is to reduce the risk of accidental changes that may occur with daily usage of an administrator account.
Super Admins should have a separate account for daily use
Since Super Admin accounts should not be used for daily use, a Non-Super Admin account should be created for daily use.
This limits the risk of accidental changes that may occur with daily use of an administrator account.
Give to limited users
Due to the nature of the Super Admin role, it is best to give the Super Admin privileges to a select few users.
This reduces the number of potential breaches for your school's dashboard.
Must have MFA enabled for users with Super Admin role
Since having a compromised Super Admin account would leave your entire school's dashboard vulnerable.
To reduce the risk of having a Super Admin account compromised, having MFA enabled adds an extra layer of security for the Super Admin account.
Set roles with specific permissions for specific scenarios
To limit the use of Super Admin privilege, it is best to create roles that do a specific task.
Such as specific role that only allows for the creation of users.
This limits the chances of users making unauthorised changes.
