Sub-admin Managed Objects
Sub-admin Managed Objects Overview
Admins in the system assign a managed object to the specific sub-admin via Sub-admin Managed Objects
and allow specific users to act as administrators within the tiCrypt system for their team.
The sub-admin has access to the tab within the tiCrypt system, but it would only list members, VMs, projects, etc., associated with the admin's assigned team.
- Sub-admins are allowed to activate team members, change team members' permissions, manage projects or any other admin action for that specific team only.
- Similar to admins, sub-admins' work is limited and cannot interfere with other research projects that are not associated with the sub-admin or the team they manage.
- The system applies similar cryptographic principles to both admins and sub-admins,preventing data access unless explicitly uploaded or shared with the admin or sub-admin.
The Three Guiding Sub-admin Principles
If a user is deactivated and belongs to no team
- The sub-admin can place the new user into their team.
- The action allows sub-admins to onboard and activate users without needing a Super Admin/RC Admin.
- The principle prevents the sub-admin from managing already existing members in the system that are not part of the defined team.
If a user explicitly belongs to a team
- The sub-admin can directly manage the user.
If a user is removed from a team and is no longer a member of any team
- The user account becomes deactivated, and default permissions are restored.
- Once the account is deactivated, a Super Admin/RC Admin will need to change the role.
- The rule is in place to prevent possible malicious permission changes.
- Subadmins can create new teams, but new teams will have a default quota. The quota will need to be increased by the Super Admin/RC Admin. This process will prevent sub-admins from over-utilizing (or over-allocating) resources in the system without permission from RC.
Create a Sub-admin Managed Object
To create a new sub-admin managed object navigate to tab in the Sub-admin Managed Objects
section.
- Click the in the top right.
- In the prompt, type the name of the sub-admin you would like to assign the managed objects to.
- Select the object type:
Team
orProject
.- Type in the team you would like them to manage. (or)
- Select the project you would like them to manage.
- Click .
note
The following action may be executed for users with sub-admin roles only.
Delete a Sub-admin Managed Object
To delete an existing sub-admin managed object navigate to tab in the Sub-admin Managed Objects
section.
- Select the sub-admin managed object you want to delete.
- Click the
Revoke management rights
in the top right. - In the prompt, click .