Skip to main content

Sub-admin Section

Sub-admin Managed Objects

Sub-admins within the system allow specific users to act as administrators within the tiCrypt system for their team. Admins in the system assign a managed object to the specific sub-admin via Sub-admin Managed Objects.

The sub-admin has access to the tab within the tiCrypt system, but it would only list members, VMs, projects, etc., associated with the admin's assigned team.

This allows for a sub-admin to activate team members, change team members' permissions, manage tiCrypt projects, or any other admin action for that specific team only. By limiting the scope of the sub-admin, the admin cannot interfere or become a bad actor with other research projects not associated with the admin. The same cryptographic policies apply throughout the system, which is that any admins do not have access to data within the system unless uploaded by the admin or explicitly shared with the admin.

Three guiding principles act as rules for a sub-admin.

    1. If a user is deactivated and belongs to no team, a sub-admin can place this new user into their team. This allows for sub-admins to onboard and activates users without the need for a Super Admin/RC Admin. This rule prevents the subadmin from managing already existing members in the system that are not part of the defined team.
    1. If a user explicitly belongs to a team then the sub-admin can directly manage the user.
    1. If a user is removed from a team and is no longer a member of any team, the account becomes deactivated, and default permissions are restored. Once the account is deactivated, a Super Admin/RC Admin will need to change the role. This rule is in place to prevent possible malicious permission changes. subadmins can create new teams, but new teams will have a default quota. The quota will need to be increased by the Super Admin/RC Admin.

This will prevent sub-admins from over-utilizing (or over-allocating resources) in the system without permission from RC.

Create a Sub-admin Managed Object

To create a new sub-admin managed object:

  • Go to tab in the Sub-admin Managed Objects section.
  • Click the Create Managed Object at the top right corner.
  • Type in the name of the sub-admin you would like to assign the managed objects to.
  • Select the object type: Team or Project.
    • Type in the team you would like them to manage. (or)
    • Select in the project you would like them to manage.
  • Click in the bottom right.
note

The following action may be executed for users with sub-admin roles only.

Create Suub-admin Managed Object

Delete a Sub-admin Managed Object

To delete an existing sub-admin managed object:

  • Go to tab in the Sub-admin Managed Objects section.
  • Select the sub-admin managed object from the list by checking the checkbox in front of it
  • Click the Revoke management rights at the top right corner.
  • Click in the bottom right
Delete Sub-admin Managed Object