Granting the "Super User" Permission
"Super User" is a special permission in AtScale that can be assigned only to individual users, not to roles. Users with the "Super User" permission bypass all access control checks in AtScale.
Before you begin
- You must be logged in as a super user to grant or revoke the "Super User" permission.
- If you are using local authentication for your users, ensure that the users that you want to assign roles to have been added to AtScale.
Restriction: Use AtScale's local directory service for testing only. Do not use it in production environments. This directory service is not meant to support the types of workloads that are common to production environments. Before using AtScale in production, configure your AtScale organization to use an external directory service, such as Microsoft Active Directory, another LDAP service, or Google G Suite Directory.
- If you are using external authentication for your users, ensure that groups in your directory service are mapped to AtScale roles, and that the user accounts that you want to assign roles are synchronized to AtScale.
About this task
Super users can do the following additional actions above and beyond the system permissions assigned to their role:
- Create organizations
- Delete organizations
- Set global configuration properties
- Administer users, roles, and groups in all organizations
- Administer runtime and design permissions on projects and cubes in all organizations
- Grant or revoke super user permission for other users
- Bypass all access control checks on projects and cubes
You must always have at least one super user in AtScale.
Procedure
To grant the "Super User" permission to a user:
- Choose Security from the main navigation, then click on Users.
- Click the user ID that you want to grant the permission to.
Note: If you do not see the user ID in the Users list, click to Role Assignments and assign the user to the Organization Admin role in the current organization.
- Select the Super User check box and then click Update Account.