Elevated privilege

A role that requires elevated privilege prevents the system from assigning it to a user at login. Instead, a user must manually elevate privileges to receive the elevated role.

In the base system, only the security_admin role requires elevated privilege.

Figure 1. The security administrator role
The security_admin role
Note: The record for the system_admin role is only visible to users who elevate privileges to the security_admin role.
An elevated privilege role only lasts for the duration of the user session. Session timeout or log-out removes the role. To use an elevated role, all these conditions must be met:
  • The role must be assigned to the user.
  • The user must manually elevate roles.

User who do not have an elevated privilege role do not see an option to elevate roles. For example in the base system, only the System Administrator user has the security_admin role.

Figure 2. Roles assigned to the System Administrator user
The list of roles assigned to the System Administrator user.

Therefore in the base system, only the System Administrator user has the option to Elevate Roles.

Figure 3. Elevate roles