Skip to main content

Super Admin

Super Admin is the administrator of the whole system, we can use it in models like RBAC, ABAC and RBAC with domains etc. The detailed example is as follows:

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act || r.sub == "root"

It illustrates that as for the defined request_definition, policy_definition, policy_effect and matchers, Casbin judges if the request can match the policy, or most importantly, if the sub is root. Once the judgment is correct, the authorization then is allowed, and the user has permission to do everything.
Just like the root of Linux systems, after the users are authorized as root, then we have the permissions to access all the files and settings. So if we want sub to have the full access to the whole system, we can let it become the super admin, then the sub has the permission to do everything.