Privilege escalation protected administrator roles (PEPAR) protect certain administrative functions against privilege escalation.
The concept is applicable to all Adminapp roles but focuses on the following features:
Feature | PEPAR benefit |
---|---|
Administrators management | Creating new Adminapp users or assigning roles to existing administrators may lead to privilege escalation. PEPAR - if configured accordingly - prevents it. Group of actions in the Role-based Access Control plugin: Administrator management |
Configuration | Adminapp users with the right to edit and activate the IAM configuration may grant themselves all possible privileges by editing the configuration. Roles including these rights are therefore susceptible to privilege escalation. PEPAR - if configured accordingly - prevents it. Group of actions in the Role-based Access Control plugin: Configuration management |