Privilege escalation prevention
The following list of security recommendations is designed to prevent privilege escalation for administrator roles with a minimum of overhead:
Risk
Protect the superadmin role with PEPAR.
Risk
Only add additional roles to PEPAR if needed. Fewer roles reduce the complexity of the configuration.
Risk
Admin users with configuration management privileges (edit and apply configuration) can escalate their privileges. It is recommended to limit configuration management to the superadmin role.
Risk
PEPAR does not prevent the enumeration of all admin user accounts if an administrator has the create administrator permission.
Further information and links
- See Privilege escalation protection for more information.