When using a layered security approach to system administration, who would have the highest access privileges?


Typically, the super administrator of the I.T. system would have the highest access privileges. However, to mitigate the risk of one person holding all the keys to that kingdom, it is a recommended practice to have two users with super administrator privileges, and to delegate lower access privileges to other users, based on the least privilege principle. This would ensure that individuals would only have the least level of access their role requires. Super admins would log in only for completing tasks that cannot be completed by the other administrators or users of the system. And all their login activity would be logged in a read-only file and monitored by internal audit. This would ensure layered security, separation of duties, and implementation of the least privilege principle, and strengthen the security of the systems.
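The audit described in the answer can be sketched as a review over role assignments and an activity log. This is an added example, not part of the original answer; the role names, permissions, users and log entries are all constructed assumptions.

```python
# Constructed sample data: roles, permissions, users and log entries are illustrative only.
ROLES = {
    "super_admin": {"manage_roles", "rotate_root_keys", "reset_password",
                    "restart_service", "read_logs"},
    "helpdesk_admin": {"reset_password", "read_logs"},
    "ops_admin": {"restart_service", "read_logs"},
}
ASSIGNMENTS = {"alice": "super_admin", "bob": "super_admin",
               "carol": "helpdesk_admin", "dave": "ops_admin"}
AUDIT_LOG = [  # (session_id, user, action), as read from the read-only audit file
    ("s1", "alice", "rotate_root_keys"),
    ("s1", "alice", "read_logs"),
    ("s2", "bob", "reset_password"),
    ("s2", "bob", "read_logs"),
    ("s3", "carol", "reset_password"),
    ("s4", "dave", "manage_roles"),
]

def super_admins(assignments):
    return sorted(u for u, r in assignments.items() if r == "super_admin")

def delegable_actions(roles):
    """Actions that at least one lower-privileged role can already perform."""
    return set().union(*(p for r, p in roles.items() if r != "super_admin"))

def review(log, assignments, roles):
    """Return findings that internal audit would want to follow up on."""
    findings = []
    admins = super_admins(assignments)
    if len(admins) != 2:  # the answer recommends exactly two super administrators
        findings.append(("super_admin_count", len(admins)))
    lower = delegable_actions(roles)
    sessions = {}
    for sid, user, action in log:
        role = assignments.get(user)
        # Least privilege: every action must be covered by the user's own role.
        if role is None or action not in roles[role]:
            findings.append(("action_outside_role", sid, user, action))
        sessions.setdefault((sid, user), []).append(action)
    for (sid, user), actions in sessions.items():
        # A super admin session is justified only if some action needed that role.
        if assignments.get(user) == "super_admin" and all(a in lower for a in actions):
            findings.append(("unneeded_super_admin_login", sid, user))
    return findings

if __name__ == "__main__":
    for finding in review(AUDIT_LOG, ASSIGNMENTS, ROLES):
        print(finding)
```

On the sample data, session `s2` is flagged because every action in it could have been done by a delegated administrator, and `s4` is flagged because the action falls outside the user's role.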