The Super Admin role is a predefined administrative role and the only role with full administrative permission for the entire deployment. A Super Admin can:
- Delegate roles to all other administrators.
- Create the security domain hierarchy.
The Super Admin is created during deployment. Only a Super Admin can perform certain critical tasks. A deployment must have at least one Super Admin.
If a Super Admin is deleted, use the Super Admin Restoration utility, restore-admin, to create a new Super Admin. RSA recommends that you assign the Super Admin role to only the most trusted administrators.
You need to restore a Super Admin if any of the following conditions exist:
- The sole Super Admin has been deleted from the deployment.
- No users have been assigned the Super Admin role.
- The sole Super Admin has been locked out.
If a Super Admin has been locked out, recovery can occur in any of the following ways:
- Another Super Admin can manually unlock the Super Admin.
- If the lockout policy that applies to the Super Admin allows auto-unlock, you can wait for lockout to expire.
If the previous methods fail, use the Super Admin Restoration utility. For instructions, see Restore the Super Admin.
We want your feedback! Tell us what you think of this page.