Difference between revisions of "Super Admin"

From Studentnet Wiki
Jump to navigation Jump to search
 
(13 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Super Admins have full permissions on every feature within the Dashboard. Organisational unit restrictions on granted permissions do not apply to this role.
+
==Super Admin==
  
;Examples of permissions that Super Admins have include:
+
The use of Super Admin should be used or given extremely sparingly.
  
:Editing, creating, uploading and deleting various groups and users
+
Super Admin is a special role in Admin role. Super Admin has full permissions for all users and features within the dashboard.
:Editing, creating and deleting Organisational units and sync profiles
 
:Editing, creating and deleting services
 
:Editing the various themes within the dashboard
 
  
 +
Some best practices for using/giving Super Admin privileges:
 +
*Do not use Super Admin for daily use
 +
*Super Admins must have a separate account for daily use
 +
*Give to limited users
 +
*Must have MFA enabled for users with Super Admin role
 +
*Set roles with specific permissions for specific scenarios
 +
 +
===Do not use Super Admin for daily use===
 +
Super Admin accounts should not be used for daily use, Super Admin accounts should only be used when specific task requiring Super Admin privileges are required.
 +
 +
This is to reduce the risk of accidental changes that may occur with daily usage of an administrator account.
 +
 +
===Super Admins must have a separate account for daily use===
 +
Since Super Admin accounts must not be used for daily use, a Non-Super Admin account should be created for daily use.
 +
 +
Only use the Super Admin accounts for the required task then log out of the Super Admin account.
 +
 +
This limits the risk of accidental changes that may occur with daily use of an administrator account.
 +
 +
As well as limit the chance of phishing attacks.
 +
 +
===Give to limited users===
 +
Due to the nature of the Super Admin role, it is best to give the Super Admin privileges to a select few users.
 +
 +
This reduces the number of potential breaches for your school's dashboard.
 +
 +
===Must have MFA enabled for users with Super Admin role===
 +
Since having a compromised Super Admin account would leave your entire school's dashboard vulnerable.
 +
 +
To reduce the risk of having a Super Admin account compromised, having MFA enabled adds an extra layer of security for the Super Admin account.
 +
 +
===Set roles with specific permissions for specific scenarios===
 +
To limit the use of Super Admin privilege, it is best to create roles that do a specific task.
 +
 +
Such as specific role that only allows for the creation of users.
 +
 +
This limits the chances of users making unauthorised changes.
  
 
[[Category:Admin Roles]]
 
[[Category:Admin Roles]]

Latest revision as of 22:35, 4 February 2020

Super Admin

The use of Super Admin should be used or given extremely sparingly.

Super Admin is a special role in Admin role. Super Admin has full permissions for all users and features within the dashboard.

Some best practices for using/giving Super Admin privileges:

  • Do not use Super Admin for daily use
  • Super Admins must have a separate account for daily use
  • Give to limited users
  • Must have MFA enabled for users with Super Admin role
  • Set roles with specific permissions for specific scenarios

Do not use Super Admin for daily use

Super Admin accounts should not be used for daily use, Super Admin accounts should only be used when specific task requiring Super Admin privileges are required.

This is to reduce the risk of accidental changes that may occur with daily usage of an administrator account.

Super Admins must have a separate account for daily use

Since Super Admin accounts must not be used for daily use, a Non-Super Admin account should be created for daily use.

Only use the Super Admin accounts for the required task then log out of the Super Admin account.

This limits the risk of accidental changes that may occur with daily use of an administrator account.

As well as limit the chance of phishing attacks.

Give to limited users

Due to the nature of the Super Admin role, it is best to give the Super Admin privileges to a select few users.

This reduces the number of potential breaches for your school's dashboard.

Must have MFA enabled for users with Super Admin role

Since having a compromised Super Admin account would leave your entire school's dashboard vulnerable.

To reduce the risk of having a Super Admin account compromised, having MFA enabled adds an extra layer of security for the Super Admin account.

Set roles with specific permissions for specific scenarios

To limit the use of Super Admin privilege, it is best to create roles that do a specific task.

Such as specific role that only allows for the creation of users.

This limits the chances of users making unauthorised changes.