Security Administrator role

When the High Security plugin is activated, a new role called security_admin is created and added to the default System Administrator user.

This role is a peer to the admin role and, therefore, is not inherited by users who are assigned the admin role by default (base system System Administrator, for example). This new role is marked as an elevated privilege, which means the user who is assigned the role will need to be manually elevated to the role during an interactive session. The security_admin role protects resources in the platform such as ACL, properties, and records, that require security to bar access by the normal admin user.