In the realm of access management and security, establishing distinct roles with specific privileges is essential for maintaining a secure and organized system. However, there are instances where organizations require a hierarchical structure where certain roles possess the authority to create or modify other roles. This Knowledge Base article addresses the feasibility of creating a custom role with the capability to create or update another custom role and its associated privileges within Advanced Authentication.

Advanced Authentication 9.1.01

Feasibility Assessment:

Upon investigation and testing, it has been confirmed that the ability to create or modify roles and their privileges is restricted to the Master Administrator. In the context of the system, only the Master Admin has access to the "Manage Roles" functionality, whereas users under other custom roles, including "Global Admin," "Org Admin," and "User Admin," do not have visibility or access to this feature.

Test Case and Results:

To validate the feasibility of establishing a custom role with such authority, a series of tests were conducted. Three different custom roles were created based on available roles, and corresponding users were assigned to each role. However, none of the users, irrespective of their custom role assignments, could access the "Manage Roles" functionality. Therefore, based on these tests and system behavior, it is concluded that it is not feasible to create a custom role with the authority to create or modify another custom role and its associated privileges.

Summary of Administrative Privileges:

For a comprehensive understanding of the administrative privileges available within the system, refer to the following table: Summary of Administrative Privileges

Limitations on Master Admin Activation/Deactivation:

It is crucial to note that the activation or deactivation of the Master Admin is neither feasible nor possible within the system. The Master Administrator functions as the super user, possessing unrestricted access to the entire system. As such, the role of the Master Admin remains immutable for system integrity and security purposes. Please refer to Master Administrator.