Contents x
    About Account Privilege Manager
      • Print
      • PDF
      Contents

      About Account Privilege Manager

        • Print
        • PDF
        Article summary

        Help page about Account Privilege Manager.

        summary

        The Account Privilege Manager is the most powerful of TROCCO's privileges.
        Only one user can be granted per account, and multiple users cannot be granted.
        The privileges of the user you will receive when your account is first issued will be Account Privilege Administrator.

        Account Privilege Manager can

        The account privileged administrator can view and operate the following in addition to being able to do the account administrator privileges.

        Deleting Users

        The account privileged administrator can delete users.
        For more information, see Deleting Users.

        View and manipulate all resources created in your account

        Account Privileged Administrators can view and manipulate all resources created in the account, including ETL Configuration and Data Mart Configuration.

        Difference between account privileged administrators and other users

        Normally, TROCCO only allows you to view, execute, edit, delete, and perform other operations on the resources that you have created.
        If you are using the team function, in addition to the above, you can also perform various operations on resources that you have not created based on the roles assigned to the team to which you belong.
        In other words, TROCCO generally does not allow any operations on resources to which it does not have authority.

        However, only the account privileged administrator may exceptionally perform all operations (read, edit, execute, and delete) on all resources that exist in the account.

        Resource after user deletion

        Deleting a user does not delete resources created by that user, such as ETL Configurations and Data Mart Configurations.
        If the resource is not managed by a Resource Group, it is usually not available for operation.
        However, an account privileged administrator can operate even such a resource.

        View and manipulate all Team Resource Groups created in your account

        When the Teams feature is enabled, the account privileged administrator can view and manipulate all Team Resource Groups created in the account.
        You can also select a Resource Group on the edit screen for each resource, and at this time, you can choose where the resource belongs from all the Resource Groups created in your account.

        View and manipulate all API Keys created in your account

        The account privileged administrator can view, edit, and delete all API Keys created in the account.
        For more information about API KEY, see About TROCCO API.

        Display API KEY

        The value of API Key can be checked only immediately after creation.
        After that, the API KEY is masked except for the first three characters of the API KEY.
        Therefore, even the account administrator cannot check the specific value of API Key.

        about-super-admin-apikey.png

        Change of organization name

        The account privileged administrator can change the organization name.
        See organization name for details.

        Disable two-factor authentication set by each user in the account

        Warning regarding disabling two-factor authentication

        Disabling two-factor authentication is an operation that is not originally recommended because it reduces the level of security.
        It is recommended that deactivation be limited to cases where a user is no longer able to log in using two-factor authentication.
        Users who have successfully logged in by disabling it should be prompted to enable two-factor authentication again.

        The account privilege administrator can disable the two-factor authentication set by each user in the account.
        It can be disabled from the user's permission settings.

        about-super-admin-2fa.png

        Delegation of Account Privilege Manager Authority

        Account Privilege Administrator privileges can only be granted to one user per account.
        More than one user cannot be an account privileged administrator.
        In addition, no changes can be made that would result in zero account privileged administrators in the account.
        Therefore, when changing the account privilege manager, the existing account privilege manager must delegate authority to another user.

        Users to whom account privilege administrator privileges can be delegated

        Delegation of account privileged administrator privileges can only be done by the account privileged administrator himself/herself.

        delegation procedure

        1. From the User Management screen, click Edit for the user to whom you want to delegate privileges.
          image.png

        2. Select Account Privilege Manager from Privileges
          about-super-admin-step2.png

        3. Check the Delegate account privileges administrator checkbox in the warning at the bottom of the screen .
          about-super-admin-step3.png

        4. Click Save

        Authority is delegated immediately upon clicking Save.

        Unintentional delegation of account privileged administrator privileges

        In the unlikely event that you have unintentionally delegated account privileged administrator privileges, please ask the account privileged administrator to whom you delegated the privileges to redelegate the privileges.

        Was this article helpful?
        What's Next