Clarification of admin and superadmin roles

Recently I learned about a superadmin role which caused some confusion. In the most recent DLeap versions, users in this role may see extra actionbuttons regardless of workflow permission settings in applications.

Hence I would like to clarify all DLeap admin roles as they are documented not enough.

1. There should be Volt App Users group with Editor access and Delete documents permission configured on VoltBuilder.nsf ACL which grants access to the Manage page to developers. Only people in this group can create their own apps. Other users can only access running applications once they learn the appllcation URI.
2. There is [VoltAppManager] role which is a superadmin role that allows administrator to access the Manage page and see all apps regardless of their access permissions. The workflow permissions still apply but [VoltAppsManager] can modify stage permissions as they wish and thus reconfigure the application security. The business case for this is to take ownership of apps created by users who are no longer available.
3. There is [LeapAdmin] role which grants access to Admin dashboard and nothing else. In other words, [LeapAdmin] role does not grant superadmin permissions to manage apps.

@Christopher Dawes can you confirm that the above is correct, please?

Reference:

• [VoltAppsManager] and [LeapAdmin] are mentioned on page post-installation tasks
• Admin and SuperAdmin groups are mentioned in relation to admin application dashboard only
• "Volt app authors" group is documented on page controlling who creates applications

The Domino Leap access is a bit more complicated than Leap because of the Domino aspect. In our Leap documentation (https://opensource.hcltechsw.com/leap-doc/9.3.7/in_deploying_was.html) we have the roles:

UseApplicationsUsers, EditApplicationsUsers, SuperAdminUsers and AdministrativeUsers

In Leap 9.3.7 we made some changes to how these roles work, imposing a hierarchy to them.

Use is for end users to launch and submit forms

Edit is for people that can create forms.

SuperAdmin is a business user that can access any forms created

Admin is person that will install and configure Leap. (this role includes all others)

In Domino Leap we tried to maintain the same kind of distinction, but the names are different.

VoltAppAuthors is the equivalent of EditApplicationsUsers.

VoltAppsManager is the superAdmin

LeapAdmin is the Admin. It is my understanding that even in Domino Leap, this role has the power of all others.

Thanks for the explanation.

However, if [VoltAppsManager] is a superadmin who can not see Admin dashboard (only), then it makes sense to remove this role completely to avoid confusion. At the moment there are two admin roles that are not 100% identical and even worse, the so called superadmin is less powerful than admin :-)