Nominal User Privilege Policy

🔐 User Privilege Management
👤 User “super”
🔹 Privileges: ❌ None. This user has no access to any system functionality and cannot perform operations.
🔹 Recommended Use: System accounts that must exist but hold no active permissions.


🏆 Roles with Privileges

👑 Higher (Total Administrator)
✅ Full access to all administrative functions.
✅ Can assign, modify, or revoke privileges of other users.
✅ Can monitor the system through audits and reports.
✅ Access to advanced configurations and sensitive data.

⚙️ Operator
✅ Manages daily operations (monitoring and executing tasks).
✅ Limited access to non-critical technical configurations.
❌ Cannot modify privileges or access sensitive information.

🛠️ Technician
✅ Resolves technical issues and maintains the system.
✅ Restricted access to specific technical configurations (such as updates).
❌ Cannot manage users or access sensitive data.

🔎 Nominal Users
✅ Limited access to functions necessary for their tasks.
✅ Can view data or perform basic operations according to their profile.
❌ Cannot modify configurations or access critical information.


📜 Principles of Privilege Management

🔒 Least Privilege: Each user should have only the strictly necessary permissions, which reduces risk.

📅 Periodic Review: Privileges will be reviewed at least every 6 months to keep them up to date.

🕵️ Audit: Actions of privileged users must be logged to detect anomalies.

Dynamic Access: In some cases, temporary (Just-In-Time) permissions may be applied only when needed.

🏢 Centralized Management
💻 The use of systems like PAM (Privileged Access Management) is recommended to:
✅ Manage privileged accounts from a centralized panel.
✅ Automate processes related to privileged credentials.
✅ Implement dynamic controls based on context and audit activity.
