Managing administrator privileges as super administrator
The super administrator holds all privileges and decides whether to grant other administrators access to:
- to the SMC web interface in read/write or read-only mode,
- the firewall web interface in read/write or read-only mode,
- the command line interface in SSH,
- the command line interface via the console on a hypervisor.
The super administrator can also restrict administrators' write access privileges to only certain folders, and therefore to only certain firewalls. For more information, refer to the section Restricting folder administrators' access privileges. This restriction does not apply to access via SSH and console.
Administrators who are allowed to access the command line interface in SSH or via the console on a hypervisor must request privilege escalation by using the “sudo” command to run certain commands relating to the system (network, user accounts, system files, etc.):
It is also the super administrator who assigns permissions to other administrators to create or revoke API keys that allow SMC's public API routes to be used.
In order for this action to be available, the public API must be enabled from SMC's web interface. For more information on SMC's public API, refer to the section Enabling and managing SMC's public API.