Super Admin is the administrator of the whole system, we can use it in models like RBAC, ABAC and RBAC with domains etc. The detailed example is as follows:
[request_definition] r = sub, obj, act [policy_definition] p = sub, obj, act [policy_effect] e = some(where (p.eft == allow)) [matchers] m = r.sub == p.sub && r.obj == p.obj && r.act == p.act || r.sub == "root"
It illustrates that as for the defined
matchers, Casbin judges if the request can match the policy, or most importantly, if the
sub is root. Once the judgment is correct, the authorization then is allowed, and the user has permission to do everything.
Just like the root of Linux systems, after the users are authorized as root, then we have the permissions to access all the files and settings. So if we want
sub to have the full access to the whole system, we can let it become the super admin, then the
sub has the permission to do everything.