Admin user deleted by your primary admin user.

Urdanegui Castillo 10 months ago

Good afternoon community.
I have a server, and while testing between users, I activated an administrator account from my main administrator account.

All well and good, but the sub-admin created by the main admin account has access to the first admin's user list and can view the first admin and remove him from the list.
Clicking on delete user displays the warning and also displays the permission restriction warning.

But the primary admin's account has still been deleted.

Is there a way around this, so that you can create admin accounts and prevent a sub-admin from deleting the primary admin's user account and gaining full control of the server?
Obviously I can't put it as a read-only admin, otherwise it won't do any good for it to be admin.

This image shows all users, viewed from the admin2 account

In this image, the admin has already been removed The warning is displayed but does not prevent deletion

In this image all admin users were removed without any restrictions

Is there anything I should know, or am I opening a debate without knowing everything?

Anton Tananaev10 months ago

What is primary admin? There's no such concept. Any account with admin rights has access to everything.

Urdanegui Castillo 10 months ago

Then everyone can eliminate everyone. There is no Super User and then the other admins as it should be in reality.

  1. Primary User Superuser (ADMINISTRATION)
    1. User 1
    2. user 2
    3. user 3
  2. Admin User
    1. User 1
    2. user 2
    3. user 3

The first admin user has access to user -1/-2/-3 and admin 2 and its users 1/2/3

But Admin 2 has access to their user *1/*2/*3 but not access to Admin 1's users.

From my point of view, I think that should be the case.

And prevent admin users from deleting their primary user.

Anton Tananaev10 months ago

Have you heard of a manager user? To me it sounds like that's what you're looking for.

Urdanegui Castillo 10 months ago

Yes, of course, but if the admin user creates another admin, this second admin can delete me.

Anton Tananaev10 months ago

Admin is an admin. It has full access. It works like this pretty much everywhere.

Urdanegui Castillo 10 months ago

I understand perfectly, but if by a fortuitous event it happens that

Subject 1- You want to have an administrator account.

Subject 2- You want to have an administrator account
Subject 3- You want to have an administrator account

Each of them will be able to create their users and add their devices. But if for a reason x Subject 1 eliminates Subject 3 or Subject 3 eliminates Subject 2. Who controls that? Since you have access to the subject information of both the 123 and all 3 subjects?

Anton Tananaev10 months ago

Why do you need admin instead of manager?

Urdanegui Castillo 10 months ago

The user manager can't create users, they can only manage them. Then there is some option to allow the manager to create their own users and not be limited to just managing the ones assigned to them by the admin

Anton Tananaev10 months ago

The user manager can't create users

Not sure where you got this information from, but it's completely false.

Yehiel10 months ago

There is a lack of understanding here. I will explain. There is an administrator role and then really anyone can delete the other, but there is an administrator who only manages the users under him. How do you create such a simple administrator instead of the "permissions" do not mark anyone and define a number of users for the account and then he can manage the Everyone below him without being able to delete the main manager

Anton Tananaev10 months ago

Yeah, there's some major misunderstanding. What you're describing is a manager role, not admin. And it already exists.

Urdanegui Castillo 10 months ago

Perfect I understood, thank you very much for the reply. It was a mistake and a lack of understanding, maybe the day-to-day.

I'll close the subject.