Skip to main content

Sub-admin Managed Objects

Sub-admin Managed Objects Overview

Admins in the system assign a managed object to the specific sub-admin via Sub-admin Managed Objects and allow specific users to act as administrators within the tiCrypt system for their team.

The sub-admin has access to the tab within the tiCrypt system, but it would only list members, VMs, projects, etc., associated with the admin's assigned team.

  • Sub-admins are allowed to activate team members, change team members' permissions, manage projects or any other admin action for that specific team only.
  • Similar to admins, sub-admins' work is limited and cannot interfere with other research projects that are not associated with the sub-admin or the team they manage.
  • The system applies similar cryptographic principles to both admins and sub-admins,preventing data access unless explicitly uploaded or shared with the admin or sub-admin.

The Three Guiding Sub-admin Principles

If a user is deactivated and belongs to no team

  • The sub-admin can place the new user into their team.
  • The action allows sub-admins to onboard and activate users without needing a Super Admin/RC Admin.
  • The principle prevents the sub-admin from managing already existing members in the system that are not part of the defined team.

If a user explicitly belongs to a team

  • The sub-admin can directly manage the user.

If a user is removed from a team and is no longer a member of any team

  • The user account becomes deactivated, and default permissions are restored.
  • Once the account is deactivated, a Super Admin/RC Admin will need to change the role.
  • The rule is in place to prevent possible malicious permission changes.
  • Subadmins can create new teams, but new teams will have a default quota. The quota will need to be increased by the Super Admin/RC Admin. This process will prevent sub-admins from over-utilizing (or over-allocating) resources in the system without permission from RC.

Create a Sub-admin Managed Object

To create a new sub-admin managed object navigate to tab in the Sub-admin Managed Objects section.

  • Click the in the top right.
  • In the prompt, type the name of the sub-admin you would like to assign the managed objects to.
  • Select the object type: Team or Project.
    • Type in the team you would like them to manage. (or)
    • Select the project you would like them to manage.
  • Click .

The following action may be executed for users with sub-admin roles only.

Delete a Sub-admin Managed Object

To delete an existing sub-admin managed object navigate to tab in the Sub-admin Managed Objects section.

  • Select the sub-admin managed object you want to delete.
  • Click the Revoke management rights in the top right.
  • In the prompt, click .