Sub-admin Managed Objects
Sub-admins are specific users who are allowed to act as administrators within the tiCrypt system for their team. Admins in the system assign a managed object to the specific subadmin.
The subadmin has access to the Management tab within the tiCrypt system, but the tab lists only the members, VMs, projects, etc., associated with the subadmin's assigned team. This allows a subadmin to activate team members, change team members' permissions, manage tiCrypt projects, or perform any other admin action for that specific team only. Because the subadmin's scope is limited, the subadmin cannot interfere with, or act as a bad actor against, other research projects not associated with that subadmin. The same cryptographic policies apply throughout the system: no admin has access to data within the system unless it was uploaded by that admin or explicitly shared with that admin.
Three guiding principles act as rules for a subadmin.
- If a user is deactivated and belongs to no team, a subadmin can place this new user into their team. This allows subadmins to onboard and activate users without the need for a Super Admin/RC Admin. This rule prevents the subadmin from managing already existing members in the system that are not part of the defined team.
- If a user explicitly belongs to the subadmin's team, the subadmin can manage that user.
- If a user is removed from a team and is no longer a member of any team, the account becomes deactivated, and default permissions are restored. Once the account is deactivated, a Super Admin/RC Admin will need to change the role. This rule is in place to prevent possible malicious permission changes.
Subadmins can create new teams, but new teams will have a default quota. The quota will need to be increased by the Super Admin/RC Admin. This prevents subadmins from over-utilizing (or over-allocating) resources in the system without permission from RC.
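A minimal model of the three rules above, added here as an illustration. It is not tiCrypt code, and every name in it (User, SubAdmin, place_in_team, the "login" default permission) is hypothetical.

```python
from dataclasses import dataclass, field

DEFAULT_PERMISSIONS = frozenset({"login"})  # constructed placeholder value

@dataclass
class User:
    name: str
    active: bool = False
    teams: set = field(default_factory=set)
    permissions: set = field(default_factory=lambda: set(DEFAULT_PERMISSIONS))

@dataclass
class SubAdmin:
    name: str
    managed_teams: set

def can_onboard(user):
    # Rule 1: only a deactivated user with no team may be claimed.
    return not user.active and not user.teams

def can_manage(sub, user):
    # Rule 2: the user must explicitly belong to one of the subadmin's teams.
    return bool(user.teams & sub.managed_teams)

def _require(ok, msg):
    if not ok:
        raise PermissionError(msg)

def place_in_team(sub, user, team):
    _require(team in sub.managed_teams, "team is outside the subadmin's scope")
    _require(can_onboard(user) or can_manage(sub, user), "user belongs elsewhere")
    user.teams.add(team)

def activate(sub, user):
    _require(can_manage(sub, user), "user is not in a managed team")
    user.active = True

def grant(sub, user, permission):
    _require(can_manage(sub, user), "user is not in a managed team")
    user.permissions.add(permission)

def remove_from_team(sub, user, team):
    _require(team in sub.managed_teams and team in user.teams, "not removable")
    user.teams.discard(team)
    if not user.teams:
        # Rule 3: no team left, so deactivate and restore default permissions.
        user.active = False
        user.permissions = set(DEFAULT_PERMISSIONS)
```

Every state-changing call goes through the same scope check, so a user who is active in another team is rejected no matter which action the subadmin attempts.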
The only action in this tab is to "Remove the manager of unit". This can be accomplished by clicking on the three vertical dots to the right of each manager name.