blob: 003c4e81d5d229d81f2725c83b41f5b0eb5c42ed [file] [view]
---
id: superadmin
title: Super Admin
---
Super Admin is the administrator of the whole system, we can use it in models like RBAC, ABAC and RBAC with domains etc. The detailed example is as follows:
```ini
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act || r.sub == "root"
```
It illustrates that as for the defined ```request_definition```, ```policy_definition```, ```policy_effect``` and ```matchers```, Casbin judges if the request can match the policy, or most importantly, if the ```sub``` is root. Once the judgment is correct, the authorization then is allowed, and the user has permission to do everything.
Just like the root of Linux systems, after the users are authorized as root, then we have the permissions to access all the files and settings. So if we want ```sub``` to have the full access to the whole system, we can let it become the super admin, then the ```sub``` has the permission to do everything.