5.4. Privilege escalation prevention

The following list of security recommendations is designed to prevent privilege escalation for administrator roles with a minimum of overhead:

Protect the superadmin role with PEPAR.

Only add additional roles to PEPAR if needed. Fewer roles reduce the complexity of the configuration.

Admin users with configuration management privileges (edit and apply configuration) can escalate their privileges. It is recommended to limit configuration management to the superadmin role.

PEPAR does not prevent the enumeration of all admin user accounts if an administrator has the create administrator permission.

Further information and links (optional block)