Global Administrator
Global Admin v/s Administrator Role
There are two types of administrator accounts within RegScale. They are described below:
- Global Admin - a "break glass" account,
admin
, that is used for initial login, setup of Tenants within the enterprise edition, and provisioning of the user account for the first system administrator. Once the first system administrator account is created, this account should not be used for any other administrative tasks. It is only intended for initial setup and for managing tenants. This account should never be deleted or de-activated. IMPORTANT - once you set youradmin
password, please secure it in a safe place as this password is not retrievable by RegScale. The customer is solely responsible for securely managing this password. - Administrator - god-mode account within a given tenant. It should be used for creating all addtionial users and configuring tenant settings.
The key differences between these accounts are shown below:
- The
admin
account has god-mode across multiple tenants and can create new tenants. - The
admin
account will not show in the user list like other administrator roles (which is a privilege assigned to individual accounts). - There is only one
admin
account per RegScale install. The administrator role can be applied to many users in each tenant based on business need. - The
admin
role has limited access within the RegScale application that is primarily centered on creating tenants and the first administrator account.
Resetting the Global Admin Account
RegScale will not have access to the Global Admin account and cannot recover the password. In some cases, customers have lost this password, mistyped it, or otherwise become locked out of the account. For this reason, we have built in a reset system to restore the password to the default. The following steps will allow you to reset the Global Admin password:
- Add a new Environment Variable as follows
AtlasityReset='true'
- Stop the RegScale container
- Apply the new environment variable (locally or in the config files)
- Restart the RegScale container
- When the app restarts, it will reset the Global Admin password to the default
51mpl3Compliance$
password (NOTE: Copy and paste this password to be precise as numbers and letters can be easily confused) - Login as
admin
with the password in the previous step - Change the password to something secure and store it in a safe place
- Stop the RegScale container
- Remove the
AtlasityReset
environment variable or set the flag tofalse
(NOTE: If already set, manually remove it from memory on the server/laptop or reapply with thefalse
setting) - Restart the container without the reset flag set
The app is now secure again and the admin
password is reset. Customers must ensure that only trusted administrators have access to the server or infrastructure where RegScale is hosted. Access to the Global Admin account applies god mode permissions to the given user (including the ability to create other system administrators). Customers should NEVER leave the Global Admin account in a configuration where it leverages the default password. The default should always be changed immediately.
Updated 11 months ago