Sub-admin Managed Objects
What are the Sub-admin Capabilities in a Team or Project?
Sub-admins can perform the following actions in the team and project they manage:
- Manage the users.
- Change user permissions.
- Activate user accounts.
- Disable accounts temporarily.
- Perform most of the admin actions.
A newly registered account is deactivated by default. The new user is visible to all sub-admins until a sub-admin or admin activates the account.
Can the Sub-admin Give Users Access to any Group in the system?
Neither super-admins, admins, nor sub-admins can share access to groups, because groups are entirely cryptographic.
The tiCrypt backend cannot add anyone to a group unless the group members explicitly share the group key with the sub-admin.
If a super-admin, admin, or sub-admin is the owner of a group, they can grant users access to join that group.
What are the Sub-admin Managed Temporary Projects?
Sub-admins are typically assigned to projects on a temporary basis. In this case, they must ask the admin to assign a project membership expiration date upon joining the project.
Once the expiration date has passed, the sub-admin will lose access to the project unless an admin updates their membership.
Sub-admins can temporarily register project members using the Existing memberships option when adding a new user.
Follow the instructions in Assign a Temporary Project to Sub-Admin.
What are the Sub-admin Managed Virtual Machines?
For every project or team assigned to a sub-admin, the virtual machines tagged with that project or registered under that team are accessible to the sub-admin.
As a sub-admin, you can start or stop a VM, manage VM users and drives, and share, edit, or delete them, as long as the VMs are associated with the team or project you manage.
What are the Sub-admin Managed Teams?
Sub-admins, assigned by an admin or super-admin, manage user teams based on access. They can:
- Add new members to the team.
- Manage existing team members.
- Monitor device limits and team quotas.
- Make team announcements as needed.
What is the Role of Sub-admins in Groups?
Groups are not sub-admin-managed objects because they are private to all users.
Anyone with the necessary permissions can create groups.
Sub-admins can delegate administrative tasks without relinquishing full system control.
This is achieved by enabling sub-admins to act as admins within specific areas, including as group owners.
Sub-admins are tied to ACLs through permissions and may also be linked to groups cryptographically.
Do not confuse Groups with VM Groups, as they are fundamentally different.
What User Roles Can Change My Permissions?
Only users with higher roles can modify your permissions. For example, a sub-admin can modify permissions for users in their team or project but cannot alter permissions for an admin.
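The scoping rules described above (temporary project memberships, VM access by project tag or team, and the higher-role rule) can be modeled as a small access check. This is an added illustration, not tiCrypt code or its API: the class names, function names, numeric role ranks, and scope labels are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# Role names come from the page; the numeric ranks are an assumption of this model.
RANK = {"user": 0, "sub-admin": 1, "admin": 2, "super-admin": 3}

@dataclass
class Membership:
    scope: str                          # constructed label, e.g. "project:alpha"
    expires: Optional[datetime] = None  # None means no expiration date was set

@dataclass
class Account:
    name: str
    role: str
    manages: List[Membership] = field(default_factory=list)  # sub-admin assignments
    member_of: List[str] = field(default_factory=list)       # teams/projects joined

def managed_scopes(sub_admin: Account, now: datetime) -> set:
    """Teams/projects the sub-admin still manages; expired memberships drop out."""
    return {m.scope for m in sub_admin.manages
            if m.expires is None or now <= m.expires}

def can_manage_vm(sub_admin: Account, vm_scope: str, now: datetime) -> bool:
    """A VM is in reach only if its project tag or team is currently managed."""
    return sub_admin.role == "sub-admin" and vm_scope in managed_scopes(sub_admin, now)

def can_change_permissions(actor: Account, target: Account, now: datetime) -> bool:
    """Actor needs a strictly higher role; a sub-admin also needs a shared scope."""
    if RANK[actor.role] <= RANK[target.role]:
        return False
    if actor.role == "sub-admin":
        return bool(managed_scopes(actor, now) & set(target.member_of))
    return True  # assumption: admins and super-admins are not scope-limited here

def stale_assignments(sub_admin: Account, now: datetime) -> List[str]:
    """Expired assignments an admin would review: renew or leave revoked."""
    return [m.scope for m in sub_admin.manages if m.expires and now > m.expires]
```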
Where do Sub-admin Permissions Apply in tiCrypt?
Sub-admin permissions apply only to a subset of the system, specifically Sub-admin managed objects. These permissions are also accessible from the Open overlay.
How to Define Sub-admin Responsibilities in the System?
Sub-admins act as the "local admins" of the system. They may be responsible for the Teams or Projects they are assigned to.
Follow the instructions in Assign a Team to Sub-Admin and Assign a Project to Sub-Admin.
You can directly assign a sub-admin to an existing tagged or untagged project or team.