Implement Super Admin User Feature #1747

Open
4 of 11 tasks
Tracked by #1737
JackHaeg opened this issue Sep 17, 2024 · 0 comments · May be fixed by #1765
Labels: p-feature: User Permissions (Feature includes how user access levels / user permissions will be implemented in the product); role: Back End; role: Front End; size: 1pt (Can be done in 4-6 hours)

JackHaeg commented Sep 17, 2024

Overview

With the introduction of admin user promotion and demotion capabilities in VRMS (see #1746), it’s critical that we implement safeguards to prevent the removal or modification of permissions by a rogue admin. To ensure the security of admin permissions, we’ve decided to create a dedicated super admin account ([email protected]) that is immune to modifications by other admin users. This account will have locked admin status, which cannot be altered. When another admin accesses the super admin’s EditUser page, the page will be view-only, preventing any changes while maintaining visibility.

Action Items

  • Create user on Dev and Prod with ([email protected])
  • Promote user to Admin on Dev (Josh)
  • Promote user to Admin on Prod (Josh)
  • @ntrehan to discuss with @trillium & @jbubar how to implement this feature
  • Use email address to identify/filter user: [email protected] (reasoning - this user has different names on Dev and Prod, but the same email is used - "VRMS ADMIN" on Prod, & "VRMS VRMS" on Dev currently).
  • WHEN another admin user is viewing the super admin's "EditUser" page, disable features from being edited on the super admin's page (i.e., make the page "view-only" when viewed by another admin user):
    • "Is Active",
    • "VRMS Admin",
    • "Remove" Project function (once a project has been added to the user's profile, the user is ,
    • "Select a project"
  • WHEN the super admin user ([email protected]) is editing their own page, all of these features should be enabled.

Resources/Instructions
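
The rule in the action items above, as an added example that is not part of the original issue or the VRMS code base: one policy function that both the EditUser page and the update endpoint can call, so the lock still holds when a request bypasses the UI. The email constant is a placeholder (the page redacts the real address), and the user object shape, field names and function names are assumptions.

```javascript
// Added example, not VRMS code. All names below are hypothetical.
// Placeholder address: the real super admin email is redacted on the page.
const SUPER_ADMIN_EMAIL = 'super-admin@example.invalid';

// Controls the issue lists as locked on the super admin's EditUser page
// ("Is Active", "VRMS Admin", "Remove" project, "Select a project").
const LOCKED_FIELDS = ['isActive', 'isAdmin', 'removeProject', 'selectProject'];

// The issue identifies the account by email because its display name differs
// between Dev and Prod. Normalize case and whitespace before comparing so a
// differently-cased copy of the address is still treated as protected.
function isSuperAdmin(user) {
  return typeof user?.email === 'string' &&
    user.email.trim().toLowerCase() === SUPER_ADMIN_EMAIL;
}

// Fields the viewer may edit on the target's page. The viewer must come from
// the authenticated session, never from the request body (assumption).
function editableFields(viewer, target) {
  if (!viewer || !viewer.isAdmin) return [];   // only admins edit users
  if (isSuperAdmin(target) && !isSuperAdmin(viewer)) return []; // view-only
  return [...LOCKED_FIELDS];                   // includes super admin on own page
}

// Server-side check for an update request: every key in the patch must be
// editable by this viewer, otherwise the request is refused and the
// offending keys are reported (useful for an audit log entry).
function authorizeUpdate(viewer, target, patch) {
  const allowed = new Set(editableFields(viewer, target));
  const denied = Object.keys(patch).filter((key) => !allowed.has(key));
  return { ok: denied.length === 0, denied };
}
```

The front end can use `editableFields` to decide which controls to disable, while the back end calls `authorizeUpdate` before writing, so disabling the controls is not the only safeguard.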

Projects
Status: In progress